General
-
Target
8cf942d0ffc44688130c91a7fd76a72cfa5345f0a8aefd3adc7e68ed70340694
-
Size
2.9MB
-
Sample
221205-p546gafc7s
-
MD5
df7bf31aea132aca10366ae20dd0c350
-
SHA1
dba114d4074f3f338940bdb075bbda26172c53db
-
SHA256
8cf942d0ffc44688130c91a7fd76a72cfa5345f0a8aefd3adc7e68ed70340694
-
SHA512
e86224122b1faaba9ec590eae700b435ad7cd8881d141c8ba0d9ec07b179bd7fd1418d4024fc2b3c05ec08ed8463d84f132dc250be4d4a3c59301424af6c1cb3
-
SSDEEP
49152:LMnXXFJkevVRBhRFGdPWgaqWMZYANAPc+N3MTrDOyD9Eh6kScQhACeHrIF:PSLTeZHrSgEh6krQKC08
Malware Config
Extracted
darkcomet
Main
24.13.208.88:100
jaxxyisboss.zapto.org:100
DC_MUTEX-C0UC4KU
-
InstallPath
MSDCSC\msdcsc.exe
-
gencode
w4i0rGCzp71f
-
install
true
-
offline_keylogger
true
-
persistence
true
-
reg_key
Microsoft Defender
Targets
-
-
Target
8cf942d0ffc44688130c91a7fd76a72cfa5345f0a8aefd3adc7e68ed70340694
-
Size
2.9MB
-
MD5
df7bf31aea132aca10366ae20dd0c350
-
SHA1
dba114d4074f3f338940bdb075bbda26172c53db
-
SHA256
8cf942d0ffc44688130c91a7fd76a72cfa5345f0a8aefd3adc7e68ed70340694
-
SHA512
e86224122b1faaba9ec590eae700b435ad7cd8881d141c8ba0d9ec07b179bd7fd1418d4024fc2b3c05ec08ed8463d84f132dc250be4d4a3c59301424af6c1cb3
-
SSDEEP
49152:LMnXXFJkevVRBhRFGdPWgaqWMZYANAPc+N3MTrDOyD9Eh6kScQhACeHrIF:PSLTeZHrSgEh6krQKC08
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Modifies WinLogon for persistence
-
Executes dropped EXE
-
Sets file to hidden
Modifies file attributes to stop it showing in Explorer etc.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-