General
-
Target
f96e1bf66b8130410009d9385fb1d4b2_JaffaCakes118
-
Size
1.5MB
-
Sample
240419-ea2rragg5y
-
MD5
f96e1bf66b8130410009d9385fb1d4b2
-
SHA1
07c00813f7acc4385b8e560e3e225bc8428f6318
-
SHA256
64ea99edbcd0043f4224688f6fbb0216c4495dd1dfed553eae3fcdc75c97f963
-
SHA512
3d883743614fcf11b4f3514d73166fe80f6c5df0c45feb8d05d3ab8ad51fb77dccb5e6b2bbe13bfa62e8e946873196ae62bcd9aed60b2c2c6b4b2037b9cad7ed
-
SSDEEP
24576:8HhKD9sk9ovoFZVA/+JH6REiH5BdDbKZU6P23tDkqDGNbw6OT:/9dDJaRNHbdDB24DkPN
Malware Config
Extracted
darkcomet
Guest16
127.0.0.1:1604
DC_MUTEX-BJPQTYY
-
InstallPath
PDF_ChallanList_1_21_2016 12_00_00 AM
-
gencode
clubUqWbr20Q
-
install
true
-
offline_keylogger
true
-
password
0123456789
-
persistence
true
-
reg_key
MicroUpdate
Targets
-
-
Target
f96e1bf66b8130410009d9385fb1d4b2_JaffaCakes118
-
Size
1.5MB
-
MD5
f96e1bf66b8130410009d9385fb1d4b2
-
SHA1
07c00813f7acc4385b8e560e3e225bc8428f6318
-
SHA256
64ea99edbcd0043f4224688f6fbb0216c4495dd1dfed553eae3fcdc75c97f963
-
SHA512
3d883743614fcf11b4f3514d73166fe80f6c5df0c45feb8d05d3ab8ad51fb77dccb5e6b2bbe13bfa62e8e946873196ae62bcd9aed60b2c2c6b4b2037b9cad7ed
-
SSDEEP
24576:8HhKD9sk9ovoFZVA/+JH6REiH5BdDbKZU6P23tDkqDGNbw6OT:/9dDJaRNHbdDB24DkPN
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Modifies WinLogon for persistence
-
Uses the VBS compiler for execution
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-
Suspicious use of SetThreadContext
-