General
-
Target
155c15fa44f501df0e5cf64a40dda8b7_JaffaCakes118
-
Size
1.3MB
-
Sample
241004-3t8w6stapn
-
MD5
155c15fa44f501df0e5cf64a40dda8b7
-
SHA1
98b748c9a27d7da0e803035dcfb6e8425cd006c7
-
SHA256
578eb32648c415f048d0a357ec5aba580ee14292ce77cc143fbbd9bca9f22b47
-
SHA512
b69eaef73dd1e1fea43d53197dfab70d3a672885d07547579d2f929978d0ed288b59e0b5af39396ee06e913589a72dab7302d114541353a2e964f4d09b46bbe8
-
SSDEEP
24576:SDRfULfyBlOI29Pb7OGPOjv7URO0lfIlmwMRvPlmKEYlmIQMRSNWK4YC:SVklgzpmwMJK7C
Malware Config
Extracted
darkcomet
Guest16_min
127.0.0.1:100
DCMIN_MUTEX-FDQ0K24
-
InstallPath
DCSCMIN\IMDCSC.exe
-
gencode
T7ltFxUeoHFm
-
install
true
-
offline_keylogger
true
-
persistence
false
-
reg_key
DarkComet RAT
Targets
-
-
Target
155c15fa44f501df0e5cf64a40dda8b7_JaffaCakes118
-
Size
1.3MB
-
MD5
155c15fa44f501df0e5cf64a40dda8b7
-
SHA1
98b748c9a27d7da0e803035dcfb6e8425cd006c7
-
SHA256
578eb32648c415f048d0a357ec5aba580ee14292ce77cc143fbbd9bca9f22b47
-
SHA512
b69eaef73dd1e1fea43d53197dfab70d3a672885d07547579d2f929978d0ed288b59e0b5af39396ee06e913589a72dab7302d114541353a2e964f4d09b46bbe8
-
SSDEEP
24576:SDRfULfyBlOI29Pb7OGPOjv7URO0lfIlmwMRvPlmKEYlmIQMRSNWK4YC:SVklgzpmwMJK7C
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Modifies WinLogon for persistence
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1