General
-
Target
894e3644929bec7530458bf5e71b3d4fc1f2cae8fa9ea17880644c9a8b09a523
-
Size
1.4MB
-
Sample
221123-q16zyaad9t
-
MD5
60a9c28e01b11254b21a765021a5c047
-
SHA1
6b070320d8fd5f062884ff97d6fa0914c25ca497
-
SHA256
894e3644929bec7530458bf5e71b3d4fc1f2cae8fa9ea17880644c9a8b09a523
-
SHA512
65b1d35ee737fb86f61632ec9411927cd693ea74d51aa3db2aa2048ec9924ca96d2c4f58f86c79b8a309a3345ab251c8c26ae37473ae9636ba52488c97cc9be9
-
SSDEEP
12288:EmG3KzGqLHIZ9wivE7hBeZ7AJhVGAQhHPq3Ycat4WUujROpDdn6mh/k+lNhI2r:bG65IZ9wivgBetuGAQhvcWLgCmFkcLr
Malware Config
Extracted
darkcomet
WIRE
munachim.linkpc.net:1605
DCMIN_MUTEX-MSP77U0
-
InstallPath
DCSCMIN\IMDCSC.exe
-
gencode
mor58pndC03T
-
install
true
-
offline_keylogger
true
-
persistence
false
-
reg_key
DarkComet RAT
Targets
-
-
Target
894e3644929bec7530458bf5e71b3d4fc1f2cae8fa9ea17880644c9a8b09a523
-
Size
1.4MB
-
MD5
60a9c28e01b11254b21a765021a5c047
-
SHA1
6b070320d8fd5f062884ff97d6fa0914c25ca497
-
SHA256
894e3644929bec7530458bf5e71b3d4fc1f2cae8fa9ea17880644c9a8b09a523
-
SHA512
65b1d35ee737fb86f61632ec9411927cd693ea74d51aa3db2aa2048ec9924ca96d2c4f58f86c79b8a309a3345ab251c8c26ae37473ae9636ba52488c97cc9be9
-
SSDEEP
12288:EmG3KzGqLHIZ9wivE7hBeZ7AJhVGAQhHPq3Ycat4WUujROpDdn6mh/k+lNhI2r:bG65IZ9wivgBetuGAQhvcWLgCmFkcLr
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Modifies WinLogon for persistence
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-