General

Target: 35ae3f6517869526394456b6edb2250e_JaffaCakes118
Size: 511KB
Sample: 240710-vzh9pssfrf
MD5: 35ae3f6517869526394456b6edb2250e
SHA1: f3450b72567f934c0ae9d327e7b3c81740640765
SHA256: 0283d70c21f41fb8f6672130e2a54ed236c4b345bb695ace50d0ff090f49bb46
SHA512: f50a3137f6921f1275d2e6133713fc3a4bdf37b63a2f60f2c68ede3fe8e5cfc206b6e5d2a13b0bdd6fde0d97e67cfe3063eb0fc52af309669090e3f19abc4328
SSDEEP: 12288:x7LVlG24SKvf3hhpElL9OdQ3LNOuCkiXhlX9QqJ0Zh5:VVlmvf33vxuCkq5aX9
Static task: static1
Behavioral task: behavioral1
Sample: 35ae3f6517869526394456b6edb2250e_JaffaCakes118.exe
Resource: win7-20240708-en
Malware Config

Extracted
Family: darkcomet
Botnet: Guest161
C2: yahoohack.zapto.org:1605
C2: 127.0.0.1:1605
Mutex: DC_MUTEX-N07L5DZ
gencode: xhRQdnR4ViZW
install: false
offline_keylogger: true
persistence: false
Targets

Target: 35ae3f6517869526394456b6edb2250e_JaffaCakes118
Size: 511KB
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext