General

Target: 98ce5d021ba40f7a2bb1035aa08793dc_JaffaCakes118
Size: 780KB
Sample: 241125-dhdjfs1jfq
MD5: 98ce5d021ba40f7a2bb1035aa08793dc
SHA1: 23751b00d2e23c33dc83f4fc68722fa490e9c5dc
SHA256: 7b35c6381adbf11bd623eedd5a49441ea54946c25448e5e127486ade11036d24
SHA512: 2a60c392d751f4adf533b22f2802a8df261f551ec87e93a419c506aabb764a9a52611b7e62d8e79ec2ea51acc7ed167e03b31e01faa7e66b206326a05f758823
SSDEEP: 12288:Qxa5KJ0g3va/9UfeU7cdHca2kkCVZN6q6pjW9hyKcujTLs4E9fQb:Qxa60gcSey88a9kxEhy6o9k
Static task: static1
Behavioral task: behavioral1
Sample: 98ce5d021ba40f7a2bb1035aa08793dc_JaffaCakes118.exe
Resource: win7-20241010-en
Malware Config

Extracted: darkcomet
Novo12
89.205.30.2:1604
DC_MUTEX-LSCGXAA
gencode: 8XGLH6uUEFw6
install: false
offline_keylogger: true
persistence: false
Targets

Target: 98ce5d021ba40f7a2bb1035aa08793dc_JaffaCakes118
Size: 780KB
- Darkcomet family
- Adds policy Run key to start application
- Checks computer location settings: looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15

Privilege Escalation
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (2)
Defense Evasion
- Hide Artifacts (2)
  - Hidden Files and Directories (2)
- Modify Registry (2)