General
- Target: c3882979a320751a28a294b86caa123f55861b9a2e5ee952bf7df9e7dd708117
- Size: 680KB
- Sample: 221106-m545csgfe8
- MD5: 11c0cc59d85bd6bf89ac8215cb2d6bf0
- SHA1: b3c28c6583ed5fdcff4cd8145d7bcca475ff4468
- SHA256: c3882979a320751a28a294b86caa123f55861b9a2e5ee952bf7df9e7dd708117
- SHA512: 474ba0073354d65613ddb308498e0a917258a1a8017e68d4193210bf0207561c2ad546bbad8ebab9d5e4e1e510dbe0409d7bffd15b8e79f6643ce40b587d07d2
- SSDEEP: 12288:i9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hweAd:OZ1xuVVjfFoynPaVBUR8f+kN10EBS9d
Behavioral task: behavioral1
Sample: c3882979a320751a28a294b86caa123f55861b9a2e5ee952bf7df9e7dd708117.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: c3882979a320751a28a294b86caa123f55861b9a2e5ee952bf7df9e7dd708117.exe
Resource: win10v2004-20220901-en
Malware Config
Extracted
darkcomet
League
senolmasansaten.no-ip.org:1604
DC_MUTEX-G5JE4FS
- InstallPath: DCSCMIN\IMDCSC.exe
- gencode: ZUszclZc3QEh
- install: true
- offline_keylogger: true
- persistence: false
- reg_key: rundlll
Targets
- Target: c3882979a320751a28a294b86caa123f55861b9a2e5ee952bf7df9e7dd708117
Score: 10/10
- Modifies WinLogon for persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application