General
-
Target
d1aec69022f03a05456873fb70b1ee296652e1f6c5ddbcc59d3ab217a210590d
-
Size
756KB
-
Sample
221014-l1lxjsacdq
-
MD5
6a929cc00fa03cb11a9cfb0b6eb54c60
-
SHA1
3c8bbc7129b13e3180a5394336c5d1adb3303923
-
SHA256
d1aec69022f03a05456873fb70b1ee296652e1f6c5ddbcc59d3ab217a210590d
-
SHA512
82ff741c99c383db5245bb0411046f9f18992859d469d67f9745d659fea2b1cca4becac2c06cbc5ad6271412d52670a8278f471acb626f365799277ecfea1a7d
-
SSDEEP
12288:99HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/h0:XZ1xuVVjfFoynPaVBUR8f+kN10EBy
Malware Config
Extracted
darkcomet
Guest16
bestmagicman.no-ip.biz:1604
DCMIN_MUTEX-SZBY77N
-
InstallPath
DCSCMIN\windowsdefender.exe
-
gencode
qtlW6cilQ2ol
-
install
true
-
offline_keylogger
true
-
persistence
false
-
reg_key
DarkComet RAT
Targets
-
-
Target
d1aec69022f03a05456873fb70b1ee296652e1f6c5ddbcc59d3ab217a210590d
-
Size
756KB
-
MD5
6a929cc00fa03cb11a9cfb0b6eb54c60
-
SHA1
3c8bbc7129b13e3180a5394336c5d1adb3303923
-
SHA256
d1aec69022f03a05456873fb70b1ee296652e1f6c5ddbcc59d3ab217a210590d
-
SHA512
82ff741c99c383db5245bb0411046f9f18992859d469d67f9745d659fea2b1cca4becac2c06cbc5ad6271412d52670a8278f471acb626f365799277ecfea1a7d
-
SSDEEP
12288:99HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/h0:XZ1xuVVjfFoynPaVBUR8f+kN10EBy
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Modifies WinLogon for persistence
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-