General
-
Target
3f2e96dbf09c90ebd5f20685666ec16416005c794223813ada85208c2a1837cd
-
Size
1.2MB
-
Sample
221123-sy9n6aff9v
-
MD5
c6c22cf761ab226e77e8fff7afc24d35
-
SHA1
2237f3dce12a12a6888915f06e18760a6b127087
-
SHA256
3f2e96dbf09c90ebd5f20685666ec16416005c794223813ada85208c2a1837cd
-
SHA512
cff97b775e676450a6d156724c7cbbc5fe5b3fa21beb92152066fbf7ab3d95a4c7c8f88aa037d1eab7d85747a0c27834234b5f22d7ef0b232763c41859905009
-
SSDEEP
24576:BxM1a9MVNGety8u3a5UwlNL20403Dtqji:7sa9Mf79uMW0pqj
Malware Config
Extracted
darkcomet
csgo
hyptonix.ddns.net:1604
DCMIN_MUTEX-BR4A132
-
InstallPath
DCSCMIN\IMDCSC.exe
-
gencode
YwRoYaRknJKS
-
install
true
-
offline_keylogger
true
-
persistence
false
-
reg_key
DarkComet RAT
Targets
-
-
Target
3f2e96dbf09c90ebd5f20685666ec16416005c794223813ada85208c2a1837cd
-
Size
1.2MB
-
MD5
c6c22cf761ab226e77e8fff7afc24d35
-
SHA1
2237f3dce12a12a6888915f06e18760a6b127087
-
SHA256
3f2e96dbf09c90ebd5f20685666ec16416005c794223813ada85208c2a1837cd
-
SHA512
cff97b775e676450a6d156724c7cbbc5fe5b3fa21beb92152066fbf7ab3d95a4c7c8f88aa037d1eab7d85747a0c27834234b5f22d7ef0b232763c41859905009
-
SSDEEP
24576:BxM1a9MVNGety8u3a5UwlNL20403Dtqji:7sa9Mf79uMW0pqj
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Modifies WinLogon for persistence
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-