General
Target: 4874e617d68183863cf122f64370fe00_JaffaCakes118
Size: 1.3MB
Sample: 241015-sb6nzsvdkl
MD5: 4874e617d68183863cf122f64370fe00
SHA1: e7af240418e654da9a2a8ecf7bdffc023f09a121
SHA256: d4936b03e9af415c62c3487314b659c35ebff2dfd248ebe24f3a73ee0bcc6379
SHA512: 053b31e997c6db01329d07fe579479b4a47241137b5937ce469783ccb0681f279d58cfa05d1e1993f70cee8372b1e45292ced1a8724485eee86612b44dd11a5d
SSDEEP: 24576:iRmYkcoQricOIrxiZY1iaCvHp7wKaHnCMjORymu7Xmg7FT2bL:3YZoQrbT8ZY1iaC/p16zt2g7FaP
Static task: static1
Behavioral task: behavioral1
Sample: 4874e617d68183863cf122f64370fe00_JaffaCakes118.exe
Resource: win7-20240903-en
Malware Config
Extracted family: darkcomet
Botnet: NewIDs
C2: fvckthesyst3m.no-ip.org:1604
Mutex: DC_MUTEX-JGWKK3L
gencode: hc8JG7lbWhDC
install: false
offline_keylogger: true
persistence: false
Targets
Target: 4874e617d68183863cf122f64370fe00_JaffaCakes118 (1.3MB; same MD5/SHA1/SHA256/SHA512/SSDEEP as listed under General)
Signatures:
- Modifies security service
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1): Windows Service (1)
Privilege Escalation
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1): Windows Service (1)