General
Target: ad74b3a4b91a33bf10fb006440e561ce09f1eb76d3eb666f66afceaa89d250c7
Size: 658KB
Sample: 221202-eh4w3sbe72
MD5: 7575271ff59904a601439ab0b1bdeec1
SHA1: 7e38d0f392b44210e3d535c99c5eca85f4d4f6f3
SHA256: ad74b3a4b91a33bf10fb006440e561ce09f1eb76d3eb666f66afceaa89d250c7
SHA512: 786c72762e207fe91b429ddc302b04fdc8c2497fc82fc8dfd2d068ea9cfca89ca1effd8c2b893e656cf195536c7ba3f4984961b5ec47d9c2d47658f4ff6027e9
SSDEEP: 12288:y9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/h9:eZ1xuVVjfFoynPaVBUR8f+kN10EBz
Behavioral task: behavioral1
Sample: ad74b3a4b91a33bf10fb006440e561ce09f1eb76d3eb666f66afceaa89d250c7.exe
Resource: win7-20221111-en

Behavioral task: behavioral2
Sample: ad74b3a4b91a33bf10fb006440e561ce09f1eb76d3eb666f66afceaa89d250c7.exe
Resource: win10v2004-20220901-en
Malware Config
Extracted family: darkcomet
Botnet ID: HF
C2: thersbuisness.no-ip.org:1604
Mutex: DC_MUTEX-CE1YQYQ
InstallPath: MSDCSC\msdcsc.exe
gencode: 5g634TnJfTKq
install: true
offline_keylogger: true
persistence: true
reg_key: MicroUpdate
Targets
Target: ad74b3a4b91a33bf10fb006440e561ce09f1eb76d3eb666f66afceaa89d250c7
Size: 658KB
MD5: 7575271ff59904a601439ab0b1bdeec1
SHA1: 7e38d0f392b44210e3d535c99c5eca85f4d4f6f3
SHA256: ad74b3a4b91a33bf10fb006440e561ce09f1eb76d3eb666f66afceaa89d250c7
SHA512: 786c72762e207fe91b429ddc302b04fdc8c2497fc82fc8dfd2d068ea9cfca89ca1effd8c2b893e656cf195536c7ba3f4984961b5ec47d9c2d47658f4ff6027e9
SSDEEP: 12288:y9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/h9:eZ1xuVVjfFoynPaVBUR8f+kN10EBz
Score: 10/10

Signatures:
Modifies WinLogon for persistence
Executes dropped EXE
Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
Loads dropped DLL
Adds Run key to start application