General
-
Target
39c1e6b2be52d7021d682e6eb9bcf94808e43104dd82317cd7724ba83c923240
-
Size
252KB
-
Sample
220520-3xcm5shfe5
-
MD5
feed791679eb25e2ceb17ef7bcf86f59
-
SHA1
7c7107ca75819e7155440319b8cee889947ce494
-
SHA256
39c1e6b2be52d7021d682e6eb9bcf94808e43104dd82317cd7724ba83c923240
-
SHA512
3c458c1c9b072256e55b03de3c67d312383969de36118fcf729a1c800c8d05d810dd6f31f59958523c7053b718752b8666c6ed21c5d629173001a5736ac9e423
Malware Config
Extracted
darkcomet
All
31.128.147.14:1604
31.128.147.14:81
DC_MUTEX-MK6PJ00
-
InstallPath
MSDCSC\msdcsc.exe
-
gencode
qf64xyxplhl0
-
install
true
-
offline_keylogger
true
-
persistence
false
-
reg_key
MicroUpdate
Targets
-
-
Target
39c1e6b2be52d7021d682e6eb9bcf94808e43104dd82317cd7724ba83c923240
-
Size
252KB
-
MD5
feed791679eb25e2ceb17ef7bcf86f59
-
SHA1
7c7107ca75819e7155440319b8cee889947ce494
-
SHA256
39c1e6b2be52d7021d682e6eb9bcf94808e43104dd82317cd7724ba83c923240
-
SHA512
3c458c1c9b072256e55b03de3c67d312383969de36118fcf729a1c800c8d05d810dd6f31f59958523c7053b718752b8666c6ed21c5d629173001a5736ac9e423
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Modifies WinLogon for persistence
-
Executes dropped EXE
-
Sets file to hidden
Modifies file attributes to stop it showing in Explorer etc.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-