General
- Target: e19b2a8843306438d9077dc3cd8874a298d2faf0ee938992e384c33589b37484.exe
- Size: 1.1MB
- Sample: 250212-s7yy1sxqek
- MD5: 48589046a8c235f8299542e3a24055dd
- SHA1: 5192e12968bbae27a3fe9387ed619ab0f051eae9
- SHA256: e19b2a8843306438d9077dc3cd8874a298d2faf0ee938992e384c33589b37484
- SHA512: dc2b858d286cf98855f8fe9894eb066a0096941ef704b0f16a700f1b2cde88e644c2c3f8bc668685d8464370d790537a01bfeb06eb29c2a9d3241dd7e2ee230a
- SSDEEP: 24576:E2E45uGXsiFAXlI+stPgCf5b7PNe63rRJARKFUESawb:Vt0GXsiFgIDICf5bjRJ2YUESawb

Static task: static1

Behavioral task: behavioral1
- Sample: e19b2a8843306438d9077dc3cd8874a298d2faf0ee938992e384c33589b37484.exe
- Resource: win7-20240729-en

Malware Config

Extracted: darkcomet
- Guest16
- 6.tcp.eu.ngrok.io:14132
- DC_MUTEX-27TT0HN
- gencode: 07pFy7KTFVqL
- install: false
- offline_keylogger: true
- persistence: false

Extracted: darkcomet
- gencode:
- install: false
- offline_keylogger: false
- persistence: false

Targets
- Target: e19b2a8843306438d9077dc3cd8874a298d2faf0ee938992e384c33589b37484.exe
- Size: 1.1MB
- MD5: 48589046a8c235f8299542e3a24055dd
- SHA1: 5192e12968bbae27a3fe9387ed619ab0f051eae9
- SHA256: e19b2a8843306438d9077dc3cd8874a298d2faf0ee938992e384c33589b37484
- SHA512: dc2b858d286cf98855f8fe9894eb066a0096941ef704b0f16a700f1b2cde88e644c2c3f8bc668685d8464370d790537a01bfeb06eb29c2a9d3241dd7e2ee230a
- SSDEEP: 24576:E2E45uGXsiFAXlI+stPgCf5b7PNe63rRJARKFUESawb:Vt0GXsiFgIDICf5bjRJ2YUESawb
- Darkcomet family
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- AutoIT Executable: AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext