General
-
Target
mal-track.exe
-
Size
658KB
-
Sample
240520-qwn9bsdc2v
-
MD5
59bc20336206070fa5312f03f1aee02e
-
SHA1
99dc38244141f56a60975899dd888eff0f5002b3
-
SHA256
a164abbb6778e1378af208b4a3d4833c2b226c68452d2151fb14e2e01a578fdd
-
SHA512
719cbb4a9ae4565b0c7d02622f0213f5bf1a3b93aefcb722bd53c44c5da607643a223c33154c7260c3b104b7f4c94d6e2c23031f3cef2064ed441aa50a312a3e
-
SSDEEP
12288:S9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hZ:+Z1xuVVjfFoynPaVBUR8f+kN10EBz
Malware Config
Extracted
darkcomet
mal-track
127.0.0.1:1010
DCMIN_MUTEX-NLY9NFG
-
InstallPath
maltrack\maltrack.exe
-
gencode
Z6mh6RQnzK2e
-
install
true
-
offline_keylogger
true
-
persistence
false
-
reg_key
Mal-Track
Targets
-
-
Target
mal-track.exe
-
Size
658KB
-
MD5
59bc20336206070fa5312f03f1aee02e
-
SHA1
99dc38244141f56a60975899dd888eff0f5002b3
-
SHA256
a164abbb6778e1378af208b4a3d4833c2b226c68452d2151fb14e2e01a578fdd
-
SHA512
719cbb4a9ae4565b0c7d02622f0213f5bf1a3b93aefcb722bd53c44c5da607643a223c33154c7260c3b104b7f4c94d6e2c23031f3cef2064ed441aa50a312a3e
-
SSDEEP
12288:S9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hZ:+Z1xuVVjfFoynPaVBUR8f+kN10EBz
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Modifies WinLogon for persistence
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-