General
-
Target
6b5228408867c1a250c177ce49489273_JaffaCakes118
-
Size
850KB
-
Sample
240401-hzl95sgc2v
-
MD5
6b5228408867c1a250c177ce49489273
-
SHA1
a1ad3579cb3666025008484d288b23c5907db80a
-
SHA256
166c477928d3f10104edbb3a44e7922567c70a8bf58f51a76fa971fd2ad8194c
-
SHA512
66843e1a618b9908448124bdc6c9b930c5435fa2929186ea613c859d3b4b243e35d4a5b96beb6af348740793159d5ee1d17493142d05f8bd75133365a3d74aed
-
SSDEEP
24576:OnukqBdH2BuGCZg/vBcOAJaaktmSqvv/IOuAT:m4KBBCgvAJHktmS8vQOuA
Malware Config
Extracted
darkcomet
Guest16
6.tcp.ngrok.io:10371
DC_MUTEX-VHZPBK5
-
gencode
iXnzmGbAY8jT
-
install
false
-
offline_keylogger
true
-
persistence
false
Targets
-
-
Target
6b5228408867c1a250c177ce49489273_JaffaCakes118
-
Size
850KB
-
MD5
6b5228408867c1a250c177ce49489273
-
SHA1
a1ad3579cb3666025008484d288b23c5907db80a
-
SHA256
166c477928d3f10104edbb3a44e7922567c70a8bf58f51a76fa971fd2ad8194c
-
SHA512
66843e1a618b9908448124bdc6c9b930c5435fa2929186ea613c859d3b4b243e35d4a5b96beb6af348740793159d5ee1d17493142d05f8bd75133365a3d74aed
-
SSDEEP
24576:OnukqBdH2BuGCZg/vBcOAJaaktmSqvv/IOuAT:m4KBBCgvAJHktmS8vQOuA
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Sets file to hidden
Modifies file attributes to stop it showing in Explorer etc.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-