General
-
Target
JaffaCakes118_68e253a55c4a28731487e0fdc3d835d0
-
Size
251KB
-
Sample
250102-3hhkvazmex
-
MD5
68e253a55c4a28731487e0fdc3d835d0
-
SHA1
135fcb91456244a3489a7df238736256c2a46710
-
SHA256
2b4d6cc309d66426d87561373019a305f680b78bf00b3cf4bfb5a70abfe2f43c
-
SHA512
ef2835bde74f6b3e70e368a724064f192c2b07d1a9b1d63285b211a36d5467714b686950cd6814c05e426f82a57cfa0b62caed2c8c1926317aae577ff93a3fa6
-
SSDEEP
6144:LcNYS996KFifeVjBpeExgVTFSXFoMc5RhCaL37fH:LcW7KEZlPzCy37f
Malware Config
Extracted
darkcomet
Guest16
127.0.0.1:1605
DC_MUTEX-GXY5GTG
-
InstallPath
MSDCSC\msdcsc.exe
-
gencode
EAfvbkXl76Al
-
install
true
-
offline_keylogger
true
-
persistence
true
-
reg_key
MicroUpdate
Targets
-
-
Target
JaffaCakes118_68e253a55c4a28731487e0fdc3d835d0
-
Size
251KB
-
MD5
68e253a55c4a28731487e0fdc3d835d0
-
SHA1
135fcb91456244a3489a7df238736256c2a46710
-
SHA256
2b4d6cc309d66426d87561373019a305f680b78bf00b3cf4bfb5a70abfe2f43c
-
SHA512
ef2835bde74f6b3e70e368a724064f192c2b07d1a9b1d63285b211a36d5467714b686950cd6814c05e426f82a57cfa0b62caed2c8c1926317aae577ff93a3fa6
-
SSDEEP
6144:LcNYS996KFifeVjBpeExgVTFSXFoMc5RhCaL37fH:LcW7KEZlPzCy37f
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Darkcomet family
-
Modifies WinLogon for persistence
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1