General
-
Target
8bd70b0cd4920456cc9105f9a6cb933cd4061125e7a3f2a7ef0c6e964f7f47d5
-
Size
631KB
-
Sample
221123-s7k26adc34
-
MD5
9a04b9dd0be01c47737dd6014c002ff9
-
SHA1
46824f75ee05bdb80b051b7affb6cb271d8b7476
-
SHA256
8bd70b0cd4920456cc9105f9a6cb933cd4061125e7a3f2a7ef0c6e964f7f47d5
-
SHA512
9c5f8d69a6fa146e9a2bfb02f8954cec04fbe7d2967a001a0781be47a75d9526a76380659a46b2b5cb5b135987f128da6441d2e8119e5aeec67d04ce64caa8f4
-
SSDEEP
12288:x+h/yhmu0LuZmSYnV472X/+tNhqGERdjft7djMzAv/1mk2b7g:YueY5YnVs2v+t/qfRdjfth9I
Malware Config
Extracted
darkcomet
Levieux100
levieux.no-ip.biz:3080
DC_MUTEX-MANUVG1
-
InstallPath
MSDCSC\msdcsc.exe
-
gencode
AwsRZtgYnACw
-
install
true
-
offline_keylogger
true
-
persistence
true
-
reg_key
MicroUpdate
Targets
-
-
Target
8bd70b0cd4920456cc9105f9a6cb933cd4061125e7a3f2a7ef0c6e964f7f47d5
-
Size
631KB
-
MD5
9a04b9dd0be01c47737dd6014c002ff9
-
SHA1
46824f75ee05bdb80b051b7affb6cb271d8b7476
-
SHA256
8bd70b0cd4920456cc9105f9a6cb933cd4061125e7a3f2a7ef0c6e964f7f47d5
-
SHA512
9c5f8d69a6fa146e9a2bfb02f8954cec04fbe7d2967a001a0781be47a75d9526a76380659a46b2b5cb5b135987f128da6441d2e8119e5aeec67d04ce64caa8f4
-
SSDEEP
12288:x+h/yhmu0LuZmSYnV472X/+tNhqGERdjft7djMzAv/1mk2b7g:YueY5YnVs2v+t/qfRdjfth9I
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Modifies WinLogon for persistence
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-