General

Target: 320fcc1bded54294bc067897d915e3fe23d66616a5737035f135830e001afa9a
Size: 601KB
Sample: 221021-yk1rzsdbdj
MD5: 6e35d761c7b9ae2824f4167602e0a2c0
SHA1: ecea2fffe2335cb4f74bc7fe1fc6dde982792756
SHA256: 320fcc1bded54294bc067897d915e3fe23d66616a5737035f135830e001afa9a
SHA512: 7b63dabb9e89c330fac18c049bf4f963897e962c6877857203def081b9c6b3fe4c13d4d443aab48b17440b534d08b86c3d0107ca34795fdd031643d7a8929fe6
SSDEEP: 12288:OcW7KEZlPzCy37+rnGxPRJPHFfv2tBmcOHnMvzU:iKiRzC0+rwVlHsBmcf

Behavioral task

behavioral1
Sample: 320fcc1bded54294bc067897d915e3fe23d66616a5737035f135830e001afa9a.exe
Resource: win7-20220812-en

Malware Config

Extracted
Family: darkcomet
Botnet: HF
C2: hostme1234.no-ip.biz:1604
Mutex: DC_MUTEX-PZZQ6XS
InstallPath: MSDCSC\msdcsc.exe
gencode: x1Lqu64fG247
install: true
offline_keylogger: true
persistence: true
reg_key: MicroUpdate

Targets

Target: 320fcc1bded54294bc067897d915e3fe23d66616a5737035f135830e001afa9a
Size: 601KB
MD5: 6e35d761c7b9ae2824f4167602e0a2c0
SHA1: ecea2fffe2335cb4f74bc7fe1fc6dde982792756
SHA256: 320fcc1bded54294bc067897d915e3fe23d66616a5737035f135830e001afa9a
SHA512: 7b63dabb9e89c330fac18c049bf4f963897e962c6877857203def081b9c6b3fe4c13d4d443aab48b17440b534d08b86c3d0107ca34795fdd031643d7a8929fe6
SSDEEP: 12288:OcW7KEZlPzCy37+rnGxPRJPHFfv2tBmcOHnMvzU:iKiRzC0+rwVlHsBmcf

Signatures
- Modifies WinLogon for persistence
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext