General
-
Target
bb36ac4b8e058a79b345c6655824c1d66fc5f9ae733a33ae8876e8cc11619685
-
Size
756KB
-
Sample
221123-s574xagb7z
-
MD5
033bd2f76c9cbe25dcc5fee659c8b785
-
SHA1
8bc5570a484f17f304ff12bf615abaa7f2622f30
-
SHA256
bb36ac4b8e058a79b345c6655824c1d66fc5f9ae733a33ae8876e8cc11619685
-
SHA512
25039666eb1cdf881048108bae0e945a84e79fe68dd2f9c354df4deef2cf099cc0cfba6c48cff9f0a7c459f794ec5cd6575e7607f2ce975688deea18dc06906b
-
SSDEEP
12288:t9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hu:HZ1xuVVjfFoynPaVBUR8f+kN10EBw
Behavioral task
behavioral1
Sample
bb36ac4b8e058a79b345c6655824c1d66fc5f9ae733a33ae8876e8cc11619685.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
bb36ac4b8e058a79b345c6655824c1d66fc5f9ae733a33ae8876e8cc11619685.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
-
Family
darkcomet
-
Botnet
YENÝ CASUT
-
C2
thteflaki.ddns.net:1604
-
Mutex
DC_MUTEX-YW5T4XG
-
InstallPath
MSDCSC\msdcsc.exe
-
gencode
KxHV27JBfqf4
-
install
true
-
offline_keylogger
true
-
persistence
false
-
reg_key
MicroUpdate
Targets
-
Target
bb36ac4b8e058a79b345c6655824c1d66fc5f9ae733a33ae8876e8cc11619685
-
Size
756KB
-
MD5
033bd2f76c9cbe25dcc5fee659c8b785
-
SHA1
8bc5570a484f17f304ff12bf615abaa7f2622f30
-
SHA256
bb36ac4b8e058a79b345c6655824c1d66fc5f9ae733a33ae8876e8cc11619685
-
SHA512
25039666eb1cdf881048108bae0e945a84e79fe68dd2f9c354df4deef2cf099cc0cfba6c48cff9f0a7c459f794ec5cd6575e7607f2ce975688deea18dc06906b
-
SSDEEP
12288:t9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hu:HZ1xuVVjfFoynPaVBUR8f+kN10EBw
Score
10/10
-
Modifies WinLogon for persistence
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-
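As an added example (not part of the sandbox report and not the sandbox's own code), the Python below turns the extracted DarkComet configuration into host-side checks and runs them over constructed evidence lines. The C2, mutex, InstallPath and reg_key values are copied from the report; the registry locations checked, the profile-relative install directory and the format of the evidence lines are assumptions. Note that the report lists `persistence` as false yet still observed a Run key and a WinLogon change, so the checks are driven by the install settings rather than by that flag.

```python
"""Derive host indicators from the DarkComet config in the report and match
them against registry, handle and DNS evidence. Added example; assumptions
are marked inline."""
import re

# Values copied from the report's "Malware Config" block.
CONFIG = {
    "c2": "thteflaki.ddns.net:1604",
    "mutex": "DC_MUTEX-YW5T4XG",
    "install_path": r"MSDCSC\msdcsc.exe",
    "reg_key": "MicroUpdate",
    "install": True,
    "persistence": False,
}

# Constructed evidence (not from the report): a registry export, a handle
# listing and a DNS log, each with one benign line mixed in. The install
# directory under the user's Documents folder is an assumption.
SAMPLE_EVIDENCE = [
    r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run  MicroUpdate  REG_SZ  C:\Users\bob\Documents\MSDCSC\msdcsc.exe",
    r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run  OneDrive  REG_SZ  C:\Users\bob\AppData\Local\Microsoft\OneDrive\OneDrive.exe",
    r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon  Userinit  REG_SZ  C:\Windows\system32\userinit.exe,C:\Users\bob\Documents\MSDCSC\msdcsc.exe",
    r"\Sessions\1\BaseNamedObjects\DC_MUTEX-YW5T4XG",
    r"\Sessions\1\BaseNamedObjects\Local\SM0:1234:168:WilStaging_02",
    "2022-11-23 10:01:02 query A thteflaki.ddns.net from 10.0.0.5",
    "2022-11-23 10:01:03 query A www.microsoft.com from 10.0.0.5",
]

# Assumed layout of the registry export: "<key>  <value name>  REG_SZ  <data>".
RUN_KEY_RE = re.compile(r"\\currentversion\\run\s+(\S+)\s+reg_sz\s+(.*)$", re.I)
WINLOGON_RE = re.compile(r"\\winlogon\s+userinit\s+reg_sz\s+(.*)$", re.I)


def derive_indicators(cfg):
    """Split the config into the lower-cased indicators the checks look for."""
    host, port = cfg["c2"].rsplit(":", 1)
    return {
        "c2_host": host.lower(),
        "c2_port": int(port),
        "mutex": cfg["mutex"].lower(),
        "install_path": cfg["install_path"].lower(),  # suffix of the dropped file
        "run_value": cfg["reg_key"].lower(),          # Run value name from reg_key
    }


def classify(line, ind):
    """Return the indicator type a line matches, or None for a benign line."""
    lowered = line.lower()
    m = RUN_KEY_RE.search(line)
    if m:
        name, data = m.group(1).lower(), m.group(2).lower()
        # Match either the configured value name or the dropped file path,
        # so a renamed value still triggers on the path.
        if name == ind["run_value"] or ind["install_path"] in data:
            return "run_key"
        return None
    m = WINLOGON_RE.search(line)
    if m:
        # Userinit should be only the system userinit.exe; an appended path
        # to the dropped file is the WinLogon persistence the report flags.
        if ind["install_path"] in m.group(1).lower():
            return "winlogon_userinit"
        return None
    if lowered.rstrip().endswith("\\" + ind["mutex"]):
        return "mutex"
    if ind["c2_host"] in lowered:
        return "c2_dns"
    return None


def scan(lines, ind):
    """Return (indicator_type, line) for every line that matches an indicator."""
    hits = []
    for line in lines:
        kind = classify(line, ind)
        if kind:
            hits.append((kind, line))
    return hits


if __name__ == "__main__":
    indicators = derive_indicators(CONFIG)
    for kind, line in scan(SAMPLE_EVIDENCE, indicators):
        print(f"{kind:18} {line}")
```

The C2 port (1604, DarkComet's default) is kept as a separate indicator so the same config can feed a network rule; the DNS check here only needs the hostname, since the dynamic-DNS name is the stable part of the C2.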