General
-
Target
00b4508c912632a94e412cda51899c74_JaffaCakes118
-
Size
891KB
-
Sample
240426-n1ymfsba99
-
MD5
00b4508c912632a94e412cda51899c74
-
SHA1
92d770176192283fc313060da3aa64ab4f3fb0ce
-
SHA256
825034af80c22c76d6cab1c71433cd66d73fb777125d4541aebba4a9a738e5e3
-
SHA512
af0fe8cdea6cef68a6f5e47627779fc2079c7ddf73a94a5ee74472a9ad6a52cad13068d5fc0d7cbd076812270f33fd60cf8dc844af49927b381b310f61e4ce7b
-
SSDEEP
12288:k9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hZYoa1sQDt:oZ1xuVVjfFoynPaVBUR8f+kN10EBnno
Malware Config
Extracted
darkcomet
Guest16
90.211.217.77:1604
DC_MUTEX-PUCAX1M
-
gencode
v0xzhQ2SiLAX
-
install
false
-
offline_keylogger
true
-
persistence
false
Targets
-
-
Target
00b4508c912632a94e412cda51899c74_JaffaCakes118
-
Size
891KB
-
MD5
00b4508c912632a94e412cda51899c74
-
SHA1
92d770176192283fc313060da3aa64ab4f3fb0ce
-
SHA256
825034af80c22c76d6cab1c71433cd66d73fb777125d4541aebba4a9a738e5e3
-
SHA512
af0fe8cdea6cef68a6f5e47627779fc2079c7ddf73a94a5ee74472a9ad6a52cad13068d5fc0d7cbd076812270f33fd60cf8dc844af49927b381b310f61e4ce7b
-
SSDEEP
12288:k9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hZYoa1sQDt:oZ1xuVVjfFoynPaVBUR8f+kN10EBnno
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Modifies firewall policy service
-
Modifies security service
-
Sets file to hidden
Modifies file attributes to stop it showing in Explorer etc.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-