General
-
Target
58a2fa4a15e85f2cba62f30a84220cda8dffc43193acb8aa5cd83c4d40d28453
-
Size
752KB
-
Sample
201106-j6lazgavs2
-
MD5
72cb9f5693c7dff79fecd8cdb3880ea8
-
SHA1
9b7ac2f7dd26ae17c0048f630286f13689f195bb
-
SHA256
58a2fa4a15e85f2cba62f30a84220cda8dffc43193acb8aa5cd83c4d40d28453
-
SHA512
06b040c5766c6d4639d77130ca4653dc7083d9af47d25d7a0975958d1412d9606ba8cc2b20b67594355b60c1f9d2ce1a8b8adbc323f65276c30e7e56b03786f5
Malware Config
Extracted
darkcomet
2020NOV5
sandyclark255.hopto.org:1605
DC_MUTEX-XRQ89VC
-
InstallPath
skypew.exe
-
gencode
pZP6alYpcpSq
-
install
true
-
offline_keylogger
true
-
password
hhhhhh
-
persistence
true
-
reg_key
skype
Targets
-
-
Target
58a2fa4a15e85f2cba62f30a84220cda8dffc43193acb8aa5cd83c4d40d28453
-
Size
752KB
-
MD5
72cb9f5693c7dff79fecd8cdb3880ea8
-
SHA1
9b7ac2f7dd26ae17c0048f630286f13689f195bb
-
SHA256
58a2fa4a15e85f2cba62f30a84220cda8dffc43193acb8aa5cd83c4d40d28453
-
SHA512
06b040c5766c6d4639d77130ca4653dc7083d9af47d25d7a0975958d1412d9606ba8cc2b20b67594355b60c1f9d2ce1a8b8adbc323f65276c30e7e56b03786f5
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Modifies WinLogon for persistence
-
Disables Task Manager via registry modification
-
Drops file in Drivers directory
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-