General
Target: 61857e78593d53dc2443f3b34a39afef3e6182dfcdb6e71b8090ae75cbdc5c80
Size: 658KB
Sample: 221127-vktrwsha21
MD5: 388166ec12a21bc90184d2257ef89de4
SHA1: 9be7c946793664d52d9d162d4d6d952c0963e289
SHA256: 61857e78593d53dc2443f3b34a39afef3e6182dfcdb6e71b8090ae75cbdc5c80
SHA512: a362afb7b466d677ca2279cad5b592edbba224dd91ab22f36dec1789330a2510b01a723c7d6c5fc62ba432633c294ab9d6c4c01d49f4b8dd6da7d4f296477a54
SSDEEP: 12288:S9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hB:+Z1xuVVjfFoynPaVBUR8f+kN10EBz
Behavioral task: behavioral1
Sample: 61857e78593d53dc2443f3b34a39afef3e6182dfcdb6e71b8090ae75cbdc5c80.exe
Resource: win7-20220901-en
Behavioral task: behavioral2
Sample: 61857e78593d53dc2443f3b34a39afef3e6182dfcdb6e71b8090ae75cbdc5c80.exe
Resource: win10v2004-20221111-en
Malware Config
Extracted family: darkcomet
Botnet: Jona
C2: naveenxxx.ddns.net:1604
Mutex: DC_MUTEX-812QFTW
InstallPath: MSDCSC\msdcsc.exe
gencode: 2vcmXE7AbJlz
install: true
offline_keylogger: true
persistence: true
reg_key: MicroUpdate
Targets
Target: 61857e78593d53dc2443f3b34a39afef3e6182dfcdb6e71b8090ae75cbdc5c80 (658KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
Score: 10/10
Signatures:
- Modifies WinLogon for persistence
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application