General
- Target: 691c93715ef612042db053b78ee413e91151869a53d8b4431ae0db9e1087b842
- Size: 669KB
- Sample: 221123-s6etradb64
- MD5: 13a3abab1f3ca40b9bc4f4ff2b558a03
- SHA1: 726b227683170247215d4b166a9300b184bee157
- SHA256: 691c93715ef612042db053b78ee413e91151869a53d8b4431ae0db9e1087b842
- SHA512: 4c99b45a6bc1ed6db443bac9454db3c3964084b0f74eb013b3eb097701ef0881f40972f32583bb00b962058db57ee29cdff624fe20acb878caa7250c17294715
- SSDEEP: 12288:y9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hdog:eZ1xuVVjfFoynPaVBUR8f+kN10EBHog
Behavioral task: behavioral1
- Sample: 691c93715ef612042db053b78ee413e91151869a53d8b4431ae0db9e1087b842.exe
- Resource: win7-20221111-en
Behavioral task: behavioral2
- Sample: 691c93715ef612042db053b78ee413e91151869a53d8b4431ae0db9e1087b842.exe
- Resource: win10v2004-20221111-en
Malware Config
Extracted: darkcomet
- Campaign ID: Omegle Spread
- C2: imagineworms.servegame.com:25444
- Mutex: DC_MUTEX-PPDVM7L
- InstallPath: MSDCSC\msdcsc.exe
- gencode: eVap6A2UW66f
- install: true
- offline_keylogger: true
- persistence: true
- reg_key: MicrosoftMalisusProgramsRemovalTool
Targets
- Target: 691c93715ef612042db053b78ee413e91151869a53d8b4431ae0db9e1087b842
- Size: 669KB
- MD5: 13a3abab1f3ca40b9bc4f4ff2b558a03
- SHA1: 726b227683170247215d4b166a9300b184bee157
- SHA256: 691c93715ef612042db053b78ee413e91151869a53d8b4431ae0db9e1087b842
- SHA512: 4c99b45a6bc1ed6db443bac9454db3c3964084b0f74eb013b3eb097701ef0881f40972f32583bb00b962058db57ee29cdff624fe20acb878caa7250c17294715
- SSDEEP: 12288:y9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hdog:eZ1xuVVjfFoynPaVBUR8f+kN10EBHog
Score: 10/10
- Modifies WinLogon for persistence
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext