General
-
Target
opengl installer.exe
-
Size
252KB
-
Sample
220414-p8a2sshebl
-
MD5
ad987dd8602b2b78090a08f73212a7a0
-
SHA1
4cc227c83d1403a29c2f68ef0afe12725e0dc996
-
SHA256
5a2ab897c8f8d779118f7e29f018796913274a8e6d7d815955c028bd9a576360
-
SHA512
248f94693dd0ee2514f900a1d68356179e971c29ca625fb499aab6dc7767dedcf452dfa9ccc571c06cb2cbdd32798d7451bbc4a917014b5147e22ffdec3bd47d
Malware Config
Extracted
darkcomet
Guest16
vmcollab.duckdns.org:25565
DC_MUTEX-A7C9C03
-
InstallPath
Microsoft\msdcsc.exe
-
gencode
dKGrhcbe5liA
-
install
true
-
offline_keylogger
true
-
persistence
true
Targets
-
-
Target
opengl installer.exe
-
Size
252KB
-
MD5
ad987dd8602b2b78090a08f73212a7a0
-
SHA1
4cc227c83d1403a29c2f68ef0afe12725e0dc996
-
SHA256
5a2ab897c8f8d779118f7e29f018796913274a8e6d7d815955c028bd9a576360
-
SHA512
248f94693dd0ee2514f900a1d68356179e971c29ca625fb499aab6dc7767dedcf452dfa9ccc571c06cb2cbdd32798d7451bbc4a917014b5147e22ffdec3bd47d
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Modifies WinLogon for persistence
-
Disables RegEdit via registry modification
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-