General
-
Target
f39cf76bea672912a70974a84cf6ce37188014dc1013ad00ad1fdefb8e7d9b15
-
Size
1018KB
-
Sample
210830-ztmwdgk33j
-
MD5
6f9819c9917076a9c47781971ab914e4
-
SHA1
69b3110f529e725bbaf3fe7c014c10826ef93a33
-
SHA256
f39cf76bea672912a70974a84cf6ce37188014dc1013ad00ad1fdefb8e7d9b15
-
SHA512
337b3cf95e8ac687d630b54817919727c1ea18f0b83d45e8fb82f960ca7542c87fd3203afb9726bbbae5babac9b21f13c0d23df392a94147111b7dce881b27fe
Malware Config
Extracted
darkcomet
Guest16
radyom.duckdns.org:1604
DC_MUTEX-WJQYLQF
-
InstallPath
MSDCSC\msdcsc.exe
-
gencode
fKsi9oKEtUJS
-
install
true
-
offline_keylogger
true
-
persistence
true
-
reg_key
MicroUpdate
Targets
-
-
Target
f39cf76bea672912a70974a84cf6ce37188014dc1013ad00ad1fdefb8e7d9b15
-
Size
1018KB
-
MD5
6f9819c9917076a9c47781971ab914e4
-
SHA1
69b3110f529e725bbaf3fe7c014c10826ef93a33
-
SHA256
f39cf76bea672912a70974a84cf6ce37188014dc1013ad00ad1fdefb8e7d9b15
-
SHA512
337b3cf95e8ac687d630b54817919727c1ea18f0b83d45e8fb82f960ca7542c87fd3203afb9726bbbae5babac9b21f13c0d23df392a94147111b7dce881b27fe
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Modifies WinLogon for persistence
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Suspicious use of SetThreadContext
-