General
-
Target
b22b2d1e592b4a7af634805a398222af210b9e3a35b6e2d90ae7ba53cda7d415
-
Size
658KB
-
Sample
220725-ajk35sfabp
-
MD5
012c913e751ab367e15764c21caeda17
-
SHA1
2ed45638dd8b9730be7e1e128aad0fd89fe423e2
-
SHA256
b22b2d1e592b4a7af634805a398222af210b9e3a35b6e2d90ae7ba53cda7d415
-
SHA512
9a3a8136fcf6d9e30c8d7cc97d1fbe5bbfe4326cc1891232027348666fb89b81c218638e42ded7df294e84a3b85b423c6ee51138d55c89d284d8f3792bc0a514
Malware Config
Extracted
darkcomet
Hello
wbbebe.ddns.net:1604
DC_MUTEX-LMU8FMS
-
InstallPath
MSDCSC\svchost.exe
-
gencode
puGMcKAsuLmD
-
install
true
-
offline_keylogger
true
-
persistence
true
-
reg_key
MicroUpdate
Targets
-
-
Target
b22b2d1e592b4a7af634805a398222af210b9e3a35b6e2d90ae7ba53cda7d415
-
Size
658KB
-
MD5
012c913e751ab367e15764c21caeda17
-
SHA1
2ed45638dd8b9730be7e1e128aad0fd89fe423e2
-
SHA256
b22b2d1e592b4a7af634805a398222af210b9e3a35b6e2d90ae7ba53cda7d415
-
SHA512
9a3a8136fcf6d9e30c8d7cc97d1fbe5bbfe4326cc1891232027348666fb89b81c218638e42ded7df294e84a3b85b423c6ee51138d55c89d284d8f3792bc0a514
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Modifies WinLogon for persistence
-
Modifies firewall policy service
-
Modifies security service
-
Windows security bypass
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Executes dropped EXE
-
Sets file to hidden
Modifies file attributes to stop it showing in Explorer etc.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Windows security modification
-
Adds Run key to start application
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-