General
-
Target
cb2422fee19846491846526008f4b73d17d8d20bf5c9fc9d161c5492b33c1a72
-
Size
720KB
-
Sample
221203-fjmjvsag2z
-
MD5
6ba4a7256ec1bfc7df3ce97b038780d1
-
SHA1
35e84eaad0f438beed9b4ac93cabf89275afe821
-
SHA256
cb2422fee19846491846526008f4b73d17d8d20bf5c9fc9d161c5492b33c1a72
-
SHA512
941ea136b35f574c73fb4c3a763909060c02c4abce8b1e0ba8348df1cd49516f30d6ef766363435748b38a1a460dd2b580f240a2020736382501511efaecc73e
-
SSDEEP
12288:jrayyPRqmsl1nbsemjtyhunREl8QmElwRB7nR8dyV5pwEaKrj0izflO:kQDlJmjtyhuWlzlibR8dyuEaKj0iz9
Malware Config
Extracted
darkcomet
naam
namuna.zapto.org:5000
DCMIN_MUTEX-NWZN7WB
-
InstallPath
MSDCSC\svchost.exe
-
gencode
rghasalJMHfn
-
install
true
-
offline_keylogger
true
-
persistence
false
-
reg_key
rundll.exe
Targets
-
-
Target
cb2422fee19846491846526008f4b73d17d8d20bf5c9fc9d161c5492b33c1a72
-
Size
720KB
-
MD5
6ba4a7256ec1bfc7df3ce97b038780d1
-
SHA1
35e84eaad0f438beed9b4ac93cabf89275afe821
-
SHA256
cb2422fee19846491846526008f4b73d17d8d20bf5c9fc9d161c5492b33c1a72
-
SHA512
941ea136b35f574c73fb4c3a763909060c02c4abce8b1e0ba8348df1cd49516f30d6ef766363435748b38a1a460dd2b580f240a2020736382501511efaecc73e
-
SSDEEP
12288:jrayyPRqmsl1nbsemjtyhunREl8QmElwRB7nR8dyV5pwEaKrj0izflO:kQDlJmjtyhuWlzlibR8dyuEaKj0iz9
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Modifies WinLogon for persistence
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-