General
-
Target
41508b150a2b3ca5ac3ca59db9fc1b85_JaffaCakes118
-
Size
670KB
-
Sample
240713-mld4tszamc
-
MD5
41508b150a2b3ca5ac3ca59db9fc1b85
-
SHA1
c649945bb3b657d7b5141d8de5cfd8b2006a477f
-
SHA256
b1ccd30eda56398cd9e1136d86d72ad7229406c7c22eb474a227f648570b750b
-
SHA512
9c5cce1da58cb54fd64bd96e37e52887110a294947991aa5f81b9ce0e57dafd3f5d0d52f4ace3c1b9e0c1c4fd4b64fa6cdb90b2693bb6c3576aa773b92e07ac0
-
SSDEEP
12288:ke9+GAKK38wkyI2Z/aYKrbU2CTakzuoe5DfATzXIuhQNx+63Zlpnm:k+/AKKM0IuC9M2Ia9v5L0Xgc63ZlFm
Static task
static1
Behavioral task
behavioral1
Sample
41508b150a2b3ca5ac3ca59db9fc1b85_JaffaCakes118.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
41508b150a2b3ca5ac3ca59db9fc1b85_JaffaCakes118.exe
Resource
win10v2004-20240709-en
Malware Config
Extracted
Family
darkcomet
-
Campaign ID
Test
-
C2
psyco159.no-ip.biz:1604 (dynamic DNS host; TCP 1604 is the DarkComet default port)
-
Mutex
DC_MUTEX-UM9LSKR
-
InstallPath
MSDCSC\msdcsc.exe
-
gencode
AXp6k6xF2QqE
-
install
true
-
offline_keylogger
true
-
password
159159
-
persistence
true
-
reg_key
MicroUpdate
Targets
-
-
Target
41508b150a2b3ca5ac3ca59db9fc1b85_JaffaCakes118
Score
10/10
-
Modifies WinLogon for persistence
-
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.
-
Executes dropped EXE
-
Loads dropped DLL
-
Molebox Virtualization software
File is packed with the Molebox virtualization software (packer detection).
-
Adds Run key to start application
-
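The extracted config and the persistence signatures above (Run key, Winlogon modification, dropped EXE) translate directly into host-side indicators. The following Python is an added example, not part of the sandbox report, that matches those indicators against a host's Run key values, Winlogon Userinit value, open mutexes and file listing. The config values come from this page; the host artifacts are constructed here for demonstration, the Documents drop directory is an assumption about where this build installs, and the generic DC_MUTEX- pattern is an assumption about DarkComet's default mutex format.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Values taken from the extracted DarkComet config on this page.
CONFIG = {
    "c2": "psyco159.no-ip.biz:1604",
    "mutex": "DC_MUTEX-UM9LSKR",
    "install_path": r"MSDCSC\msdcsc.exe",
    "reg_key": "MicroUpdate",
}

# Assumption: DarkComet's default mutex looks like DC_MUTEX-XXXXXXX (7 alphanumerics).
# A hit here without a config match is a family-level, lower-confidence indicator.
DC_MUTEX_RE = re.compile(r"^DC_MUTEX-[A-Z0-9]{7}$")

RUN_KEY = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"
WINLOGON_KEY = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"


@dataclass(frozen=True)
class Finding:
    kind: str        # run_key | winlogon_userinit | mutex | mutex_pattern | dropped_file
    location: str
    value: str


def hunt(config: dict, registry: dict, mutexes: list[str], files: list[str]) -> list[Finding]:
    """Match one host's artifacts against the config. Returns every hit; an empty list is clean."""
    hits: list[Finding] = []
    install = config["install_path"].lower()

    # 1. 'Adds Run key to start application': a Run value with the configured name,
    #    or any Run value whose command contains the install path.
    for name, command in registry.get(RUN_KEY, {}).items():
        if name.lower() == config["reg_key"].lower() or install in command.lower():
            hits.append(Finding("run_key", f"{RUN_KEY}\\{name}", command))

    # 2. 'Modifies WinLogon for persistence': Userinit is a comma-separated list that
    #    should contain only userinit.exe; anything appended to it runs at every logon.
    userinit = registry.get(WINLOGON_KEY, {}).get("Userinit", "")
    for entry in (e.strip() for e in userinit.split(",")):
        if entry and not entry.lower().endswith("userinit.exe"):
            hits.append(Finding("winlogon_userinit", f"{WINLOGON_KEY}\\Userinit", entry))

    # 3. Mutex: exact match on the configured name, otherwise the family pattern.
    for m in mutexes:
        base = m.split("\\")[-1]   # strip a Local\ or Global\ namespace prefix
        if base == config["mutex"]:
            hits.append(Finding("mutex", "mutex", m))
        elif DC_MUTEX_RE.match(base):
            hits.append(Finding("mutex_pattern", "mutex", m))

    # 4. 'Executes dropped EXE': the config path is relative (the drop directory is
    #    prepended at install time), so match on the path suffix.
    for path in files:
        if path.lower().endswith(install):
            hits.append(Finding("dropped_file", "filesystem", path))
    return hits


# Constructed host artifacts for demonstration (not from the report). The drop
# directory under Documents is an assumption about where this build installs.
SAMPLE_REGISTRY = {
    RUN_KEY: {
        "OneDrive": r"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background",
        "MicroUpdate": r"C:\Users\alice\Documents\MSDCSC\msdcsc.exe",
    },
    WINLOGON_KEY: {
        "Userinit": r"C:\Windows\system32\userinit.exe,C:\Users\alice\Documents\MSDCSC\msdcsc.exe,",
    },
}
SAMPLE_MUTEXES = [r"Local\MSCTF.Asm.MutexDefault1", "DC_MUTEX-UM9LSKR"]
SAMPLE_FILES = [r"C:\Windows\explorer.exe", r"C:\Users\alice\Documents\MSDCSC\msdcsc.exe"]

# A clean host: stock Userinit value, no DarkComet artifacts.
CLEAN_REGISTRY = {
    RUN_KEY: {"OneDrive": SAMPLE_REGISTRY[RUN_KEY]["OneDrive"]},
    WINLOGON_KEY: {"Userinit": r"C:\Windows\system32\userinit.exe,"},
}


if __name__ == "__main__":
    for f in hunt(CONFIG, SAMPLE_REGISTRY, SAMPLE_MUTEXES, SAMPLE_FILES):
        print(f"{f.kind:18} {f.location}  ->  {f.value}")
```

On a live host the same logic applies to a registry export, the mutex list from a handle enumeration tool and a file listing; the Userinit check in particular is worth running on its own, since a second path appended to that value survives removal of the Run key.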