General
-
Target
4ce2cf34817e0f979a5c587ed0cc896100740dd590d438430cb9a872573e759c
-
Size
1.1MB
-
Sample
220919-xlc7msdca2
-
MD5
fb5279b97561bd435225aea0fe380a2b
-
SHA1
05a08e77aaaebee4c5fb7b4b69f1f1e32268a3a9
-
SHA256
4ce2cf34817e0f979a5c587ed0cc896100740dd590d438430cb9a872573e759c
-
SHA512
5f9922f1624b78df4ae4aaf64f03c3e32b4d3a688706ce4f5c9314b7d1118eea9eef174e08cff491c15c4f3b00e6d707f99f9c7e8ab1f46614e57619d97b67db
-
SSDEEP
24576:Jw+l7nRopHFw7TuyMZ2UjdJk9bk/ft1AbO7lzW:JBLRopHFw7TuMUR57AOl
Malware Config
Extracted
darkcomet
Guest16
vhooodi.no-ip.info:81
DC_MUTEX-VEEBJCM
-
InstallPath
MSDCSC\msdcsc.exe
-
gencode
DyT3pw2vG4x7
-
install
true
-
offline_keylogger
true
-
persistence
false
-
reg_key
MicroUpdate
Targets
-
-
Target
4ce2cf34817e0f979a5c587ed0cc896100740dd590d438430cb9a872573e759c
-
Size
1.1MB
-
MD5
fb5279b97561bd435225aea0fe380a2b
-
SHA1
05a08e77aaaebee4c5fb7b4b69f1f1e32268a3a9
-
SHA256
4ce2cf34817e0f979a5c587ed0cc896100740dd590d438430cb9a872573e759c
-
SHA512
5f9922f1624b78df4ae4aaf64f03c3e32b4d3a688706ce4f5c9314b7d1118eea9eef174e08cff491c15c4f3b00e6d707f99f9c7e8ab1f46614e57619d97b67db
-
SSDEEP
24576:Jw+l7nRopHFw7TuyMZ2UjdJk9bk/ft1AbO7lzW:JBLRopHFw7TuMUR57AOl
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Modifies WinLogon for persistence
-
Executes dropped EXE
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Loads dropped DLL
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-