General
-
Target
3705081132b367e3985b2cc7f5d9c01c_JaffaCakes118
-
Size
1.3MB
-
Sample
240511-22zg2aga77
-
MD5
3705081132b367e3985b2cc7f5d9c01c
-
SHA1
5edbdcf189f17724820cd175ffffe3622452ffb3
-
SHA256
54a3037490a60cec55fb077bbef9498651fb15c8a9d793a1daac6f002a251857
-
SHA512
d376b1348d772256d4e72bfed32aed508c252ae9b23bf4d1580e06c54b709c8aec2bee20402174ad3343567b77b3fb2d1227a628d49b9404862feee557f81348
-
SSDEEP
24576:wBkVXyEY13SkD1ybBhEAqYfEqoljIUaV2fLQ4TaovshgliPYiCcFafQYJ+:wBkVCEgEAAqYfEdlTxQavvYk0YiCQ
Malware Config
Extracted
darkcomet
Guest16_min
thegodforever.duckdns.org:1604
DCMIN_MUTEX-HRB12YV
-
gencode
Tfl8BoX2ATDK
-
install
false
-
offline_keylogger
true
-
persistence
false
Targets
-
-
Target
3705081132b367e3985b2cc7f5d9c01c_JaffaCakes118
-
Size
1.3MB
-
MD5
3705081132b367e3985b2cc7f5d9c01c
-
SHA1
5edbdcf189f17724820cd175ffffe3622452ffb3
-
SHA256
54a3037490a60cec55fb077bbef9498651fb15c8a9d793a1daac6f002a251857
-
SHA512
d376b1348d772256d4e72bfed32aed508c252ae9b23bf4d1580e06c54b709c8aec2bee20402174ad3343567b77b3fb2d1227a628d49b9404862feee557f81348
-
SSDEEP
24576:wBkVXyEY13SkD1ybBhEAqYfEqoljIUaV2fLQ4TaovshgliPYiCcFafQYJ+:wBkVCEgEAAqYfEdlTxQavvYk0YiCQ
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-