General
Target: 217a145601bc8ad425143579bd3c833d8a5d6abbeb6fad8b5247e4a794284376
Size: 690KB
Sample: 221002-snk8tacbb8
MD5: 6f2a81e6bd5a5b2384d6457b6bb41450
SHA1: d35218dbe0356493cdb5fb659f48d5993c952700
SHA256: 217a145601bc8ad425143579bd3c833d8a5d6abbeb6fad8b5247e4a794284376
SHA512: 45939d80f41257c9a2a1fc14fc8e96158b0716ab54a425503eb232b989778915969beecd559f688bebfda1e4b3464d74ceb95f550b81e781ae7fd91b4fcfb37b
SSDEEP: 12288:l9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hBT:vZ1xuVVjfFoynPaVBUR8f+kN10EBH
Behavioral task: behavioral1
Sample: 217a145601bc8ad425143579bd3c833d8a5d6abbeb6fad8b5247e4a794284376.exe
Resource: win7-20220901-en

Malware Config
Extracted: darkcomet
- Guest16
- nipplepatty.zapto.org:1604
- nipplepatty.zapto.org:1609
- DC_MUTEX-UEY4WCY
InstallPath: Services\explorer.exe
gencode: XT6n1YG525Fl
install: true
offline_keylogger: true
persistence: true
reg_key: explorer*32
Targets
Target: 217a145601bc8ad425143579bd3c833d8a5d6abbeb6fad8b5247e4a794284376
Size: 690KB
Signatures
- Modifies WinLogon for persistence
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Executes dropped EXE
- Checks computer location settings: looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application