General
Target: 24b1352f5a83c1a4312d9f5107ab4c49_JaffaCakes118
Size: 251KB
Sample: 240508-nt8tvaag2x
MD5: 24b1352f5a83c1a4312d9f5107ab4c49
SHA1: e7748fbc5d762ca129f1c5d5a63d12ef0bbe479f
SHA256: 9a8d9acaad5491f3bace47f75de44fcec18d966d9224c0c33b092de9f5ac5180
SHA512: 7595b8f840f587e53509e0f7127e5de48f0351ddacc38affbc92f1918e5b816fd83394bb6db8c13f387c768845e9ce7288610d183fd63953956573979a981ff7
SSDEEP: 6144:JcNYk1yuwEDBum3qYWnl0pd0EX3Zq2b6wfIDYm0PHQ:JcWkbgTYWnYnt/IDYhP
Behavioral task
behavioral1
Sample: 24b1352f5a83c1a4312d9f5107ab4c49_JaffaCakes118.exe
Resource: win7-20240221-en
Malware Config
Extracted
darkcomet
Guest16
127.0.0.1:1604
DC_MUTEX-XBAVWJC
gencode: ZfsZ1D19rBuA
install: false
offline_keylogger: true
persistence: false
Targets
-
-
Target
24b1352f5a83c1a4312d9f5107ab4c49_JaffaCakes118
-
Modifies firewall policy service
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-