General
-
Target
233c0885a75c07694c7b0fa767491d11_JaffaCakes118
-
Size
955KB
-
Sample
240703-wbdjzszhrq
-
MD5
233c0885a75c07694c7b0fa767491d11
-
SHA1
e780526014caba76903cd359bbb1352041d92fa0
-
SHA256
638ee0a533913be2c88d52662321f2fff8ed6227772c4040d69e3ad6803fc59d
-
SHA512
e514946ee2e7387acd8ad770867053eef0e286335fb4be64c3f23038b797a9bfe67f7f60cfa2403f48599412ee6d107fbd3fc900e2af5bd7f091d72f576d4b35
-
SSDEEP
12288:IPbpQ6atS6qBBak6ODYtyN+LAKCTGi9DjkEOUJzBlR73u1e8k:QQEBBf6OIyN+knK8jkbUFBq1
Static task
static1
Behavioral task
behavioral1
Sample
233c0885a75c07694c7b0fa767491d11_JaffaCakes118.exe
Resource
win7-20240419-en
Malware Config
Extracted
darkcomet
Guest16
192.168.1.100:1604
dummydolly.zapto.org:1604
DC_MUTEX-F54S21D
-
gencode
KoBLdcL6yYyo
-
install
false
-
offline_keylogger
true
-
persistence
false
Targets
-
-
Target
233c0885a75c07694c7b0fa767491d11_JaffaCakes118
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-