General
-
Target
77c08522a979d835a04e0e6be7567d5ce58f27b6939f5d491c05680f60af670d
-
Size
392KB
-
Sample
221001-3ndh3scbe2
-
MD5
78015ac78c3ad87fdadd6ed4488c4ac0
-
SHA1
0c4219868261b460dc4f126bd796f96e8b23e770
-
SHA256
77c08522a979d835a04e0e6be7567d5ce58f27b6939f5d491c05680f60af670d
-
SHA512
0d1aa3696cc03b795a954fd04e5ab13762c17d02222f2a49d6ec94873ce3ea5a53ccddf78b5f18662eae0a535754e50d8998e54b4877136285a356832c53fecf
-
SSDEEP
6144:pcNYS996KFifeVjBpeExgVTFSXFoMc5RhCaL37UMEFhG9KOUH0c7FT8EXN3BsV/0:pcW7KEZlPzCy37T0GEtD7FB3B
Malware Config
Extracted
darkcomet
Guest16
hack6969.zapto.org:1604
Btrev.ddns.net:1336
DC_MUTEX-N1UFMN8
-
InstallPath
MSDCSC\svchost.exe
-
gencode
3396looGFZlq
-
install
true
-
offline_keylogger
true
-
persistence
true
-
reg_key
MicroUpdate
Targets
-
-
Target
77c08522a979d835a04e0e6be7567d5ce58f27b6939f5d491c05680f60af670d
-
Size
392KB
-
MD5
78015ac78c3ad87fdadd6ed4488c4ac0
-
SHA1
0c4219868261b460dc4f126bd796f96e8b23e770
-
SHA256
77c08522a979d835a04e0e6be7567d5ce58f27b6939f5d491c05680f60af670d
-
SHA512
0d1aa3696cc03b795a954fd04e5ab13762c17d02222f2a49d6ec94873ce3ea5a53ccddf78b5f18662eae0a535754e50d8998e54b4877136285a356832c53fecf
-
SSDEEP
6144:pcNYS996KFifeVjBpeExgVTFSXFoMc5RhCaL37UMEFhG9KOUH0c7FT8EXN3BsV/0:pcW7KEZlPzCy37T0GEtD7FB3B
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Modifies WinLogon for persistence
-
Executes dropped EXE
-
Sets file to hidden
Modifies file attributes to stop it showing in Explorer etc.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-