General
-
Target
c6f88f6e9970a9e687ed73f78ef0a6b9f840d03d06b85db94ac8aba694a93391
-
Size
348KB
-
Sample
221125-pwd8pacb7s
-
MD5
654018f6195e1af931a8ab88de19b441
-
SHA1
8749ed2f3d89011379877b237403f5e6c7a0a9ef
-
SHA256
c6f88f6e9970a9e687ed73f78ef0a6b9f840d03d06b85db94ac8aba694a93391
-
SHA512
7caaaff38f8219a1088648c1933f1b5c4c1930cfdadd28d71588d4fa3a5aa4a47dc9da6c85965649a9ad54a944280e6cb2aaa793399595048eb0ef1dc08d2227
-
SSDEEP
6144:6CF0tb8Dbqz3MN2lLa5ntDgcHE6ek//Td/dn4wGup5A22wz/Pv:6PtQDbEPlLWntMcxZlLHA0z/Pv
Malware Config
Extracted
darkcomet
Guest16_min
useles.no-ip.org:400
DCMIN_MUTEX-RAVA06T
-
InstallPath
DCSCMIN\IMDCSC.exe
-
gencode
CCiMGGm9PEke
-
install
true
-
offline_keylogger
true
-
persistence
false
-
reg_key
DarkComet RAT
Targets
-
-
Target
c6f88f6e9970a9e687ed73f78ef0a6b9f840d03d06b85db94ac8aba694a93391
-
Size
348KB
-
MD5
654018f6195e1af931a8ab88de19b441
-
SHA1
8749ed2f3d89011379877b237403f5e6c7a0a9ef
-
SHA256
c6f88f6e9970a9e687ed73f78ef0a6b9f840d03d06b85db94ac8aba694a93391
-
SHA512
7caaaff38f8219a1088648c1933f1b5c4c1930cfdadd28d71588d4fa3a5aa4a47dc9da6c85965649a9ad54a944280e6cb2aaa793399595048eb0ef1dc08d2227
-
SSDEEP
6144:6CF0tb8Dbqz3MN2lLa5ntDgcHE6ek//Td/dn4wGup5A22wz/Pv:6PtQDbEPlLWntMcxZlLHA0z/Pv
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Modifies WinLogon for persistence
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-