General
-
Target
2025-02-27_432708d541da1bf33ab666cf8551445b_snatch
-
Size
2.4MB
-
Sample
250227-gbae1ayls5
-
MD5
432708d541da1bf33ab666cf8551445b
-
SHA1
81c51ce929a2fb7f93f242647db7fd5f45f3e081
-
SHA256
54f45ca1b511bfe2bb416d76747bc5c3c3b2be0e226644ced863c47383f405bd
-
SHA512
cc3511568a724fd8c4451a5dc8a2df9d9da713225ec6a22a85a30fb55e1d30a4244e1982a756c9b91076ce3d3e6820e72058ee7ed4a044dc3abfb8e5d9ddfb46
-
SSDEEP
49152:9EMoVl3zWwx0qxnkRGcQI+IxYmPznz11afSz5:9EM4l3zWwxR0
Malware Config
Extracted
darkcomet
Guest16
ratker.duckdns.org:6300
DC_MUTEX-PQZD4XN
-
InstallPath
MSDCSC\msdcsc.exe
-
gencode
densxlCpRnTq
-
install
true
-
offline_keylogger
true
-
persistence
true
-
reg_key
MicroUpdate
Targets
-
-
Target
2025-02-27_432708d541da1bf33ab666cf8551445b_snatch
-
Size
2.4MB
-
MD5
432708d541da1bf33ab666cf8551445b
-
SHA1
81c51ce929a2fb7f93f242647db7fd5f45f3e081
-
SHA256
54f45ca1b511bfe2bb416d76747bc5c3c3b2be0e226644ced863c47383f405bd
-
SHA512
cc3511568a724fd8c4451a5dc8a2df9d9da713225ec6a22a85a30fb55e1d30a4244e1982a756c9b91076ce3d3e6820e72058ee7ed4a044dc3abfb8e5d9ddfb46
-
SSDEEP
49152:9EMoVl3zWwx0qxnkRGcQI+IxYmPznz11afSz5:9EM4l3zWwxR0
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Darkcomet family
-
Modifies WinLogon for persistence
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1