General
Target: a20003aeab4cf8d4ca18e65d4258f2cd966d8e715b63121738d0cd18ae2cccd8
Size: 1.5MB
Sample: 221124-qpxbcsba2y
MD5: 6f54af3173c13be87e28bd3fb6c59c8c
SHA1: ce712f117d611eac8b7e58c9e5b17b025fc42cae
SHA256: a20003aeab4cf8d4ca18e65d4258f2cd966d8e715b63121738d0cd18ae2cccd8
SHA512: 47ff3e765ed7911a7f5f3734bf144a8bc81d2ea09d5ed46c8e3557dcb4dd6d0a0805ba6e39f11e7e81ad00983fe608a6b2491f268e01836ea1e9535e2d069770
SSDEEP: 24576:1tb20pkaCqT5TBWgNQ7avWruJiysvIAwNyi176xzOoyVb2Lj6A:mVg5tQ7avWrsi9QA0dyOvVb2X5
Static task: static1
Behavioral task: behavioral1
  Sample: a20003aeab4cf8d4ca18e65d4258f2cd966d8e715b63121738d0cd18ae2cccd8.exe
  Resource: win7-20221111-en
Behavioral task: behavioral2
  Sample: a20003aeab4cf8d4ca18e65d4258f2cd966d8e715b63121738d0cd18ae2cccd8.exe
  Resource: win10v2004-20221111-en
Malware Config
Extracted
Family: darkcomet
Botnet: Guest16_min
C2: 127.0.0.1:1604
Mutex: DCMIN_MUTEX-WW9GQNX
InstallPath: DCSCMIN\IMDCSC.exe
gencode: FbJtqwZwq6eo
install: true
offline_keylogger: true
persistence: false
reg_key: DarkComet RAT
Targets
Target: a20003aeab4cf8d4ca18e65d4258f2cd966d8e715b63121738d0cd18ae2cccd8
Score: 10/10
Signatures
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext