General
-
Target
2cfe915e1498dd8ac3643ddc5812f5731d6ecc7d0efde6ad9a9bf35bcb735d0a
-
Size
5.5MB
-
Sample
221125-2xnvqsga81
-
MD5
564218aa29b51a220144e9d060d1252a
-
SHA1
9168cca0beea91546fb15a7b936e66d1668015e1
-
SHA256
2cfe915e1498dd8ac3643ddc5812f5731d6ecc7d0efde6ad9a9bf35bcb735d0a
-
SHA512
2cd1418e7611b40c524a01d8e3ba6684c96b462690b0915c807ddb60b5d49090125e8fdc8c4bffc435d1add68d82d4094d48c74bd689f00e05d486cbfe6c03bc
-
SSDEEP
98304:rwaQ8ZDJgyslyzoXmaErfYCNmkv5D2PFpuxvnkyyhAuax5O1RVidVSe8+QU/:rwaQ8ZDJw/WdftNnv5D29p0kyVuaO1Rn
Malware Config
Extracted
darkcomet
Danijela
jebozovan.no-ip.org:81
DC_MUTEX-KQRQZPG
-
InstallPath
MSDCSC\msdcsc.exe
-
gencode
v7PAnw881ZWq
-
install
true
-
offline_keylogger
true
-
persistence
true
-
reg_key
MicroUpdate
Targets
-
-
Target
2cfe915e1498dd8ac3643ddc5812f5731d6ecc7d0efde6ad9a9bf35bcb735d0a
-
Size
5.5MB
-
MD5
564218aa29b51a220144e9d060d1252a
-
SHA1
9168cca0beea91546fb15a7b936e66d1668015e1
-
SHA256
2cfe915e1498dd8ac3643ddc5812f5731d6ecc7d0efde6ad9a9bf35bcb735d0a
-
SHA512
2cd1418e7611b40c524a01d8e3ba6684c96b462690b0915c807ddb60b5d49090125e8fdc8c4bffc435d1add68d82d4094d48c74bd689f00e05d486cbfe6c03bc
-
SSDEEP
98304:rwaQ8ZDJgyslyzoXmaErfYCNmkv5D2PFpuxvnkyyhAuax5O1RVidVSe8+QU/:rwaQ8ZDJw/WdftNnv5D29p0kyVuaO1Rn
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Modifies WinLogon for persistence
-
Executes dropped EXE
-
Sets file to hidden
Modifies file attributes to stop it showing in Explorer etc.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-