General
Target: f347051180559aa6ecaab96f4d1c94cd_JaffaCakes118
Size: 663KB
Sample: 240416-mazamafh52
MD5: f347051180559aa6ecaab96f4d1c94cd
SHA1: dd5c5e32e585f5536e76784c7d5f8fa73e55f33a
SHA256: 107b9c46e78bb8a802029dd715bee34ca3fa31e1bae428d7e149dd10e8f38e3a
SHA512: cc019aa0769463a492089fb209672b222ff2c8aacec6672938979013f22b03e86765f1509f7ba28c6cc3dec51e19c2bae3573f4171e0b7d431a171dd2e42b241
SSDEEP: 12288:kcuhZ45W60V6ttoK+ouEm1/QxeCOEuOcq1/rNumqWG5/21EB/Q:kRhX6tFhuEG/QTOEuuNIWouixQ
Static task: static1
Behavioral task: behavioral1
Sample: f347051180559aa6ecaab96f4d1c94cd_JaffaCakes118.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: f347051180559aa6ecaab96f4d1c94cd_JaffaCakes118.exe
Resource: win10v2004-20240226-en
Malware Config
Extracted family: darkcomet
Botnet: Windows
C2: baygoog.duckdns.org:1024
Mutex: DC_MUTEX-AVCEZSX
InstallPath: MSDCSC\msdcsc.exe
gencode: ZrKtz3mldrvg
install: true
offline_keylogger: true
persistence: true
reg_key: MicrosoftUpdater
Targets
Target: f347051180559aa6ecaab96f4d1c94cd_JaffaCakes118 (663KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
Score: 10/10
- Modifies WinLogon for persistence
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
- Suspicious use of SetThreadContext