General
-
Target
28757745d59cc3213c402c67d951f343_JaffaCakes118
-
Size
709KB
-
Sample
240706-rmtccszgnl
-
MD5
28757745d59cc3213c402c67d951f343
-
SHA1
9308aa62fb429e967cf070d12d5fe03ed8215147
-
SHA256
8a64ec35600409a02f382d55bcb0bddf8baaee69776f9ebd66995a19d3c4f449
-
SHA512
2fb9554262ab3974a4407eee425db7027bf1dd29d4ad0061f41c29551eee83b3465a47c2a8ee3d3bd05a79e74aed6503ab97afe2e52eb951e0385f3099f02577
-
SSDEEP
12288:p2CJynOBBEIbns9UbFPXecFootC/bOI/vDOs/OjGtBnV98Bc1kCK:pXCWJbs9WFPXQdacLPDth8ga
Malware Config
Extracted
darkcomet
Guest16
adkisrael.no-ip.biz:1604
DC_MUTEX-4FFN2ET
-
gencode
Z2vXa3qWNX99
-
install
false
-
offline_keylogger
true
-
persistence
false
Targets
-
-
Target
28757745d59cc3213c402c67d951f343_JaffaCakes118
-
Size
709KB
-
MD5
28757745d59cc3213c402c67d951f343
-
SHA1
9308aa62fb429e967cf070d12d5fe03ed8215147
-
SHA256
8a64ec35600409a02f382d55bcb0bddf8baaee69776f9ebd66995a19d3c4f449
-
SHA512
2fb9554262ab3974a4407eee425db7027bf1dd29d4ad0061f41c29551eee83b3465a47c2a8ee3d3bd05a79e74aed6503ab97afe2e52eb951e0385f3099f02577
-
SSDEEP
12288:p2CJynOBBEIbns9UbFPXecFootC/bOI/vDOs/OjGtBnV98Bc1kCK:pXCWJbs9WFPXQdacLPDth8ga
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-