General
-
Target
25fef2629b1a28be76522da59a85506f_JaffaCakes118
-
Size
850KB
-
Sample
240329-s8aykscd42
-
MD5
25fef2629b1a28be76522da59a85506f
-
SHA1
e1c6b2ac497f253cb03aa69505111532b4241a38
-
SHA256
1736d604d6c8a14948ebe5386727ca3de215e1163904eac094b39769b8faea64
-
SHA512
8656b9393d45dda010013825238b8254404b89316511b66877f78ad5b61008cb4d50e48e749cb646ada5891299b85dd7342336b4024e034865cfa07d47e08617
-
SSDEEP
12288:j6qvGvd8EgWCKXtWxWT56LbdJ0Ua0c1xHVkPyjRIBTK+jUOq6fgJg0Ges/5rBY6:hvGvd8HK9hwLbdJp6/kIo7f
Malware Config
Extracted
darkcomet
Guest16
6.tcp.ngrok.io:10371
DC_MUTEX-6TC6YTT
-
gencode
6Wpjj0ueCN6h
-
install
false
-
offline_keylogger
true
-
persistence
false
Targets
-
-
Target
25fef2629b1a28be76522da59a85506f_JaffaCakes118
-
Size
850KB
-
MD5
25fef2629b1a28be76522da59a85506f
-
SHA1
e1c6b2ac497f253cb03aa69505111532b4241a38
-
SHA256
1736d604d6c8a14948ebe5386727ca3de215e1163904eac094b39769b8faea64
-
SHA512
8656b9393d45dda010013825238b8254404b89316511b66877f78ad5b61008cb4d50e48e749cb646ada5891299b85dd7342336b4024e034865cfa07d47e08617
-
SSDEEP
12288:j6qvGvd8EgWCKXtWxWT56LbdJ0Ua0c1xHVkPyjRIBTK+jUOq6fgJg0Ges/5rBY6:hvGvd8HK9hwLbdJp6/kIo7f
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Disables Task Manager via registry modification
-
Sets file to hidden
Modifies file attributes to stop it showing in Explorer etc.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-