General
Target: 60cf22416dff14b1977a738f9b3510f28a2c8b26b2fe5013f2056369b5ea95b1
Size: 658KB
Sample: 221004-dxrdvsafd9
MD5: 51b4396f49c58bfb4d75f645d9b9f820
SHA1: 59cff2faa357e8685d0bd5ac62879ae2e3941b7c
SHA256: 60cf22416dff14b1977a738f9b3510f28a2c8b26b2fe5013f2056369b5ea95b1
SHA512: 622d29cbdf9431fbb8374f928405a7aa59c606e813c1f3899e0dceea59cd721097403162a749715948e20e7217fcc9a64ad40ab6c2f4c12838aa37e2337928a2
SSDEEP: 12288:S9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNC1Lo9Ek5C/hP:+Z1xuVVjfFoynPaVBUR8f+kNC0EBd
Behavioral task: behavioral1
Sample: 60cf22416dff14b1977a738f9b3510f28a2c8b26b2fe5013f2056369b5ea95b1.exe
Resource: win7-20220812-en

Behavioral task: behavioral2
Sample: 60cf22416dff14b1977a738f9b3510f28a2c8b26b2fe5013f2056369b5ea95b1.exe
Resource: win10v2004-20220901-en
Malware Config
Extracted: darkcomet
  HF
  bonke.no-ip.org:1604
  DC_MUTEX-N4B5F1E
InstallPath: MSDCSC\msdcsc.exe
gencode: Y84HPLv1l3Vk
install: true
offline_keylogger: true
persistence: true
reg_key: MicroUpdate
Targets
Target: 60cf22416dff14b1977a738f9b3510f28a2c8b26b2fe5013f2056369b5ea95b1
Size: 658KB
MD5: 51b4396f49c58bfb4d75f645d9b9f820
SHA1: 59cff2faa357e8685d0bd5ac62879ae2e3941b7c
SHA256: 60cf22416dff14b1977a738f9b3510f28a2c8b26b2fe5013f2056369b5ea95b1
SHA512: 622d29cbdf9431fbb8374f928405a7aa59c606e813c1f3899e0dceea59cd721097403162a749715948e20e7217fcc9a64ad40ab6c2f4c12838aa37e2337928a2
SSDEEP: 12288:S9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNC1Lo9Ek5C/hP:+Z1xuVVjfFoynPaVBUR8f+kNC0EBd
Score: 10/10
- Modifies WinLogon for persistence
- Executes dropped EXE
- Checks computer location settings: looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application