General
- Target: 628c23d063f84d1985f9b51a8841ccf9988bc2a31f1b8c6993f255b887ad6ff0
- Size: 350KB
- Sample: 221123-s5429adb49
- MD5: 419bea8711945b4185825587a2e5b73d
- SHA1: f8f02d52acf2b828148a11c8e34526b08c5433a7
- SHA256: 628c23d063f84d1985f9b51a8841ccf9988bc2a31f1b8c6993f255b887ad6ff0
- SHA512: 5c5be665eab48de558005861a15eade944c8eca3738381d3e054a074224dfd50f0b1da5805f0da8691dae1c5578aefb6c9cb8a4af115759205aa41062412c5ff
- SSDEEP: 6144:YD7cY2fgssM7Wirg9KXylmRiL+QMeC/i6isqX7UovnONztByipwxZFY05LLTMdW+:Yl8E4w5huat7UovONzbXwS0dMd0QZh9u
Behavioral task
behavioral1
- Sample: 628c23d063f84d1985f9b51a8841ccf9988bc2a31f1b8c6993f255b887ad6ff0.exe
- Resource: win7-20221111-en
Malware Config
Extracted
darkcomet
Windows
- darkcomet30.zapto.org:1604
- 192.168.1.4:1604
- DC_MUTEX-VYWT48W
- InstallPath: MSDCSC\msdcsc.exe
- gencode: Qmcc37KssvVE
- install: true
- offline_keylogger: true
- persistence: false
- reg_key: MicroUpdate
Targets
- Target: 628c23d063f84d1985f9b51a8841ccf9988bc2a31f1b8c6993f255b887ad6ff0
- Size: 350KB
- Modifies WinLogon for persistence
- Executes dropped EXE
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application