General
Target: 22681287fe40149600120243ba97cadc242600d8fb9190adf98efccbf89c064b
Size: 753KB
Sample: 221001-1ljwzaabcj
MD5: 6164b89fb1038bc271cad23b75b8bcda
SHA1: 9e8a1becd54a69adc7367e0c98cd33041f5e1ed5
SHA256: 22681287fe40149600120243ba97cadc242600d8fb9190adf98efccbf89c064b
SHA512: 7766a0c3ea22e7d4a440e9a687c6ee2f0e200035ce54cbd3ebe51dca1714dac74b1409ad7991965072b30f35d8c8ebc9a7f00d2acd8cd1c4f5cef7fa6ef680c1
SSDEEP: 12288:K4bUx79HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/h:KJZ1xuVVjfFoynPaVBUR8f+kN10EB
Behavioral task: behavioral1
Sample: 22681287fe40149600120243ba97cadc242600d8fb9190adf98efccbf89c064b.exe
Resource: win7-20220812-en

Behavioral task: behavioral2
Sample: 22681287fe40149600120243ba97cadc242600d8fb9190adf98efccbf89c064b.exe
Resource: win10v2004-20220812-en
Malware Config (extracted)
Family: darkcomet
Botnet: new
C2: serverexe.no-ip.org:5112
Mutex: DC_MUTEX-79PF79N
InstallPath: MSDCSC\msdcsc.exe
gencode: oYlexrzdlPwE
install: true
offline_keylogger: true
persistence: true
reg_key: MicroUpdate
Targets
Target: 22681287fe40149600120243ba97cadc242600d8fb9190adf98efccbf89c064b
Score: 10/10
Signatures:
- Modifies WinLogon for persistence
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext