General
-
Target
12b85bcb0245b64c46003af12413079fb940fb307aeacad8533e442b988a8687
-
Size
736KB
-
Sample
220603-rz5wxsdgam
-
MD5
444b043b54a70aa68bce3cd8a48fbf02
-
SHA1
4ac6078a960f858bfa9ed7d5a94d7fb54b06f628
-
SHA256
12b85bcb0245b64c46003af12413079fb940fb307aeacad8533e442b988a8687
-
SHA512
9ae87b25e615ace26787abc3a0593f6e64766b661ebbde1bea098609fa257af9d3808974f9c2ab38232a0fba26852469473c1788596e6ade19133aaa8e5c26bd
Malware Config
Extracted
darkcomet
HF
179.43.150.105:1606
DC_MUTEX-CNAFSEW
-
InstallPath
MSDCSC\msdcsc.exe
-
gencode
Q9rRWez1PrbJ
-
install
true
-
offline_keylogger
true
-
persistence
true
-
reg_key
MicroUpdate
Targets
-
-
Target
12b85bcb0245b64c46003af12413079fb940fb307aeacad8533e442b988a8687
-
Size
736KB
-
MD5
444b043b54a70aa68bce3cd8a48fbf02
-
SHA1
4ac6078a960f858bfa9ed7d5a94d7fb54b06f628
-
SHA256
12b85bcb0245b64c46003af12413079fb940fb307aeacad8533e442b988a8687
-
SHA512
9ae87b25e615ace26787abc3a0593f6e64766b661ebbde1bea098609fa257af9d3808974f9c2ab38232a0fba26852469473c1788596e6ade19133aaa8e5c26bd
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Modifies WinLogon for persistence
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-