General
-
Target
16b29f226da2decc3a288f7d64aebb8cc0713adae80c638b2005add8b81de663
-
Size
1.9MB
-
Sample
221125-j6xvwsgg2w
-
MD5
93e9d128fb9e4b6aab6e7eb2a3dfcc86
-
SHA1
49dc42b33f338b695a50bbfa9eed16af2341c677
-
SHA256
16b29f226da2decc3a288f7d64aebb8cc0713adae80c638b2005add8b81de663
-
SHA512
6a04ca4c5bbde27bc0bf59b7f4f71d4837fad50cf380bfd3b372431a03c2a0bf6eb8b7946a5c90882aa168e05c478a3b107318302f5884caa47cf12afa48b685
-
SSDEEP
24576:5844NWpwIZoAPQyK/csHLc0RsGFbxprhaH844NWpwIZoAPQyK/csHLc0RsGFbxpI:KiZoyWBrc0RpI4iZoyWBrc0RpI
Malware Config
Extracted
darkcomet
Guest16
badman4iks.ddns.net:7777
DC_MUTEX-AK6R7RA
-
InstallPath
MSDCSC\msdcsc.exe
-
gencode
APz9tNv5zfKe
-
install
true
-
offline_keylogger
true
-
persistence
false
-
reg_key
MicroUpdate
Targets
-
-
Target
16b29f226da2decc3a288f7d64aebb8cc0713adae80c638b2005add8b81de663
-
Size
1.9MB
-
MD5
93e9d128fb9e4b6aab6e7eb2a3dfcc86
-
SHA1
49dc42b33f338b695a50bbfa9eed16af2341c677
-
SHA256
16b29f226da2decc3a288f7d64aebb8cc0713adae80c638b2005add8b81de663
-
SHA512
6a04ca4c5bbde27bc0bf59b7f4f71d4837fad50cf380bfd3b372431a03c2a0bf6eb8b7946a5c90882aa168e05c478a3b107318302f5884caa47cf12afa48b685
-
SSDEEP
24576:5844NWpwIZoAPQyK/csHLc0RsGFbxprhaH844NWpwIZoAPQyK/csHLc0RsGFbxpI:KiZoyWBrc0RpI4iZoyWBrc0RpI
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Modifies WinLogon for persistence
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-