General
-
Target
6a15adf0e37dfbdaed5743a343921f5aa4627d514a057f2d58e135fc4485c14b
-
Size
235KB
-
Sample
221106-m7k49sbbbq
-
MD5
1bb82c45e08494d67d2b5396c6fbf8a6
-
SHA1
0fc9a358d900033119fc629ffdde1d532d5b0c3e
-
SHA256
6a15adf0e37dfbdaed5743a343921f5aa4627d514a057f2d58e135fc4485c14b
-
SHA512
672a47ec05262a80ee3aeb227a7797bc6eadb241673045c11ddceae6384841f1092f8bf40eaea555f0dd6d9718ffe647315564b52138fb0367d5f20de036694b
-
SSDEEP
6144:XYLtU7Ixhnhz5TN6mJWd/7qMD8gm8tNwqkZ:osI3lFZWdqsw8tNwq
Static task
static1
Behavioral task
behavioral1
Sample
6a15adf0e37dfbdaed5743a343921f5aa4627d514a057f2d58e135fc4485c14b.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
6a15adf0e37dfbdaed5743a343921f5aa4627d514a057f2d58e135fc4485c14b.exe
Resource
win10v2004-20220901-en
Malware Config
Extracted
darkcomet
Guest16
thekingh.zapto.org:90
DC_MUTEX-83JBCKK
-
InstallPath
MSDCSC\msdcsc.exe
-
gencode
rl2gmEbYj5Km
-
install
true
-
offline_keylogger
true
-
persistence
true
-
reg_key
MicroUpdate
Targets
-
Target
6a15adf0e37dfbdaed5743a343921f5aa4627d514a057f2d58e135fc4485c14b
-
Score
10/10
-
Modifies WinLogon for persistence
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-