General
-
Target
c9f7b7f61b30c14d57b7fb3816e04c823025e0eaff8677119c545fe0d774eb84
-
Size
688KB
-
Sample
221203-fnhfpsbb3y
-
MD5
b309311a634552671dae78f60235daac
-
SHA1
9eda29d8a7b72791c90e1b1be212c27ad5bc6508
-
SHA256
c9f7b7f61b30c14d57b7fb3816e04c823025e0eaff8677119c545fe0d774eb84
-
SHA512
6b987b534b171f8eb589668fab93e612f2dfd1c2ac8941272936b9245daeaf38084fa4aab497e05808df6316471c518172fc594e84fa1831bec588715d9db9b1
-
SSDEEP
12288:96dfozt5VxU9YjvLEuhz32GAnq5kVmmUgORv2r5nVjkmGenwgeiVkurTjcqOg:6foJDdjvLgns6mmUgORerxiTenweSur9
Malware Config
Extracted
darkcomet
Guest16_min
127.0.0.1:1604
DCMIN_MUTEX-ELPZPHY
-
InstallPath
DCSCMIN\IMDCSC.exe
-
gencode
y0VKNuhAihWx
-
install
true
-
offline_keylogger
true
-
persistence
false
-
reg_key
DarkComet RAT
Targets
-
-
Target
c9f7b7f61b30c14d57b7fb3816e04c823025e0eaff8677119c545fe0d774eb84
-
Size
688KB
-
MD5
b309311a634552671dae78f60235daac
-
SHA1
9eda29d8a7b72791c90e1b1be212c27ad5bc6508
-
SHA256
c9f7b7f61b30c14d57b7fb3816e04c823025e0eaff8677119c545fe0d774eb84
-
SHA512
6b987b534b171f8eb589668fab93e612f2dfd1c2ac8941272936b9245daeaf38084fa4aab497e05808df6316471c518172fc594e84fa1831bec588715d9db9b1
-
SSDEEP
12288:96dfozt5VxU9YjvLEuhz32GAnq5kVmmUgORv2r5nVjkmGenwgeiVkurTjcqOg:6foJDdjvLgns6mmUgORerxiTenweSur9
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Modifies WinLogon for persistence
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-