General
-
Target
fa62762447178f03dbd4c917fbba38c4_JaffaCakes118
-
Size
658KB
-
Sample
240419-ql3nzadd69
-
MD5
fa62762447178f03dbd4c917fbba38c4
-
SHA1
7f206e11bf3e065b25483fc47f04dd00cec8a7c4
-
SHA256
9663ec93249cb07aa5cf6e04ac80d4e053cb1e02fe35ff44c6a7ac4e6f9637e5
-
SHA512
10d6d6b151e707fd9b3bc84dab5c7f4a1b68c09d706f03f67508f32999e76a4b0ab69f6de472750606317a40723430aff4e72ceebec5178252adfa74faca8173
-
SSDEEP
12288:i9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hi:OZ1xuVVjfFoynPaVBUR8f+kN10EBg
Behavioral task
behavioral1
Sample
fa62762447178f03dbd4c917fbba38c4_JaffaCakes118.exe
Resource
win7-20231129-en
Malware Config
Extracted
darkcomet
ZeTeXe1
zetexe.no-ip.biz:6969
DC_MUTEX-GQ5Q67D
-
gencode
65VBsvZA1tXh
-
install
false
-
offline_keylogger
true
-
password
semipro
-
persistence
false
Targets
-
-
Target
fa62762447178f03dbd4c917fbba38c4_JaffaCakes118
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-