General
-
Target
fe8080de6aa3aca5d4c91bc42a58592795a2d64bcb0343d84118ddd245a31471
-
Size
635KB
-
Sample
221126-pvgmesda98
-
MD5
f30c4b607c2463f754a3da6baa94ee07
-
SHA1
705e8a56b36490ec59e9c6053ab3e4238b7cb04e
-
SHA256
fe8080de6aa3aca5d4c91bc42a58592795a2d64bcb0343d84118ddd245a31471
-
SHA512
a280bbc8ae8d689ecb850c1595545138f5a1f267b6eecaafaad2cdb0180dde9c8f66e7d2e7e86d22c503b8496c9122aca7aa243cad5b2878ea0e9bac6c63534e
-
SSDEEP
12288:AcWkbgTYWnYnt/IDYhP/ggx3x1dBR7gUbVL1k78/ZeO/Xe9HfYE01cdmJUyLRcgt:TOIgCXhx1XZg451k78B/GYf1cdmJUS6
Malware Config
Extracted
darkcomet
BOT
212.90.37.187:1604
DC_MUTEX-03G28HX
-
InstallPath
MSDCSC\explorer.exe
-
gencode
i7KuFfqnYfDY
-
install
true
-
offline_keylogger
true
-
password
bot2b
-
persistence
true
-
reg_key
MicroUpdate
Targets
-
-
Target
fe8080de6aa3aca5d4c91bc42a58592795a2d64bcb0343d84118ddd245a31471
-
Size
635KB
-
MD5
f30c4b607c2463f754a3da6baa94ee07
-
SHA1
705e8a56b36490ec59e9c6053ab3e4238b7cb04e
-
SHA256
fe8080de6aa3aca5d4c91bc42a58592795a2d64bcb0343d84118ddd245a31471
-
SHA512
a280bbc8ae8d689ecb850c1595545138f5a1f267b6eecaafaad2cdb0180dde9c8f66e7d2e7e86d22c503b8496c9122aca7aa243cad5b2878ea0e9bac6c63534e
-
SSDEEP
12288:AcWkbgTYWnYnt/IDYhP/ggx3x1dBR7gUbVL1k78/ZeO/Xe9HfYE01cdmJUyLRcgt:TOIgCXhx1XZg451k78B/GYf1cdmJUS6
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Modifies WinLogon for persistence
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-