General
-
Target
bf55895b1125985910b279a0986eb4f9cf23b42b6ac1c7ad00ebe4a7a38c51f4
-
Size
589KB
-
Sample
221128-n9td4agc2w
-
MD5
9b735e75d5f5b5e72dcf32f942c58fa7
-
SHA1
ef53ccf1151ad60433620fb6dc23cd1c21547692
-
SHA256
bf55895b1125985910b279a0986eb4f9cf23b42b6ac1c7ad00ebe4a7a38c51f4
-
SHA512
911ddbf4cff7f143c0c12e8589fa689a3fec3763cfab1a9bf89689c85a6f8b89f902952b5fd5a324f11bf9bf7867bc9ed0f30ac9deddbb71c201dccad53bdfd3
-
SSDEEP
12288:/yR1T9xHu2hR1OXJltyB/Of3qnuL1AxTY6Csax2gxvUjEy68w+mklHE/G7X:wfXhn+Jlt5fc+eZYdxRNUjEy6Bwl6M
Malware Config
Extracted
darkcomet
Guest16
109.79.129.154:1604
DC_MUTEX-P5T5H7G
-
InstallPath
MSDCSC\msdcsc.exe
-
gencode
A9dWi1T3eUDG
-
install
true
-
offline_keylogger
true
-
persistence
false
-
reg_key
MicroUpdate
Targets
-
-
Target
bf55895b1125985910b279a0986eb4f9cf23b42b6ac1c7ad00ebe4a7a38c51f4
-
Size
589KB
-
MD5
9b735e75d5f5b5e72dcf32f942c58fa7
-
SHA1
ef53ccf1151ad60433620fb6dc23cd1c21547692
-
SHA256
bf55895b1125985910b279a0986eb4f9cf23b42b6ac1c7ad00ebe4a7a38c51f4
-
SHA512
911ddbf4cff7f143c0c12e8589fa689a3fec3763cfab1a9bf89689c85a6f8b89f902952b5fd5a324f11bf9bf7867bc9ed0f30ac9deddbb71c201dccad53bdfd3
-
SSDEEP
12288:/yR1T9xHu2hR1OXJltyB/Of3qnuL1AxTY6Csax2gxvUjEy68w+mklHE/G7X:wfXhn+Jlt5fc+eZYdxRNUjEy6Bwl6M
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Modifies WinLogon for persistence
-
Drops file in Drivers directory
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-