General
-
Target
b01242e2d060c0af9ff07c172cbeed5d19902f9a4e395c14aea7189738c2735e
-
Size
884KB
-
Sample
221130-287rzsha3z
-
MD5
8a4dd03144ec28c7942a150bc545453e
-
SHA1
458dbd1ebfe407684f6b7c76c1cbd355e40e39e1
-
SHA256
b01242e2d060c0af9ff07c172cbeed5d19902f9a4e395c14aea7189738c2735e
-
SHA512
e7264f2d874f962bc6a9d77512de68408ae2ef5bba407ad12f38e4a7cc9417640f50428260e46100b89f68bfbc9d851e661419efd3914a9a221ad19840e9d27d
-
SSDEEP
24576:PBhPPA3MK2n7wr63VyL47Dnc/G2Vw4HFEkZiy2hk51534qj8:PbHFKaVGcD32VKkZiK5Lj
Malware Config
Extracted
darkcomet
Guest16
dafaaq.no-ip.biz:83
DC_MUTEX-2WMPPQS
-
InstallPath
MSDCSC\msdcsc.exe
-
gencode
ZsyQjca5riPn
-
install
true
-
offline_keylogger
true
-
persistence
true
-
reg_key
MicroUpdate
Targets
-
-
Target
b01242e2d060c0af9ff07c172cbeed5d19902f9a4e395c14aea7189738c2735e
-
Size
884KB
-
MD5
8a4dd03144ec28c7942a150bc545453e
-
SHA1
458dbd1ebfe407684f6b7c76c1cbd355e40e39e1
-
SHA256
b01242e2d060c0af9ff07c172cbeed5d19902f9a4e395c14aea7189738c2735e
-
SHA512
e7264f2d874f962bc6a9d77512de68408ae2ef5bba407ad12f38e4a7cc9417640f50428260e46100b89f68bfbc9d851e661419efd3914a9a221ad19840e9d27d
-
SSDEEP
24576:PBhPPA3MK2n7wr63VyL47Dnc/G2Vw4HFEkZiy2hk51534qj8:PbHFKaVGcD32VKkZiK5Lj
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Modifies WinLogon for persistence
-
Executes dropped EXE
-
Uses the VBS compiler for execution
-
Adds Run key to start application
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-