General
- Target: 75dc023575a4a7be24acb38b73a33147_JaffaCakes118
- Size: 955KB
- Sample: 241025-c1ad3stbqh
- MD5: 75dc023575a4a7be24acb38b73a33147
- SHA1: 2001360213344b3f853585f3e514c65931c878c3
- SHA256: 458ebf3beca0fc0ecc5a48307a8a193792c26bc5e5c8f013047848aec2f9c5f3
- SHA512: 49b761816e8445c09f83b09b1ee24d6a76669c06a2143d131ab1419febfb962309202b462e71ebff03eefba2c3f13acbe5ba5b3bb41c073b6afeef0f3b909c9e
- SSDEEP: 12288:Q3tv7Kl0RFy1sNT68jtwa3qhh+92VVON0UNeo0/sZp:Z0fy1sNTdX3q/E2VEeG

Static task: static1

Behavioral task: behavioral1
- Sample: 75dc023575a4a7be24acb38b73a33147_JaffaCakes118.exe
- Resource: win7-20240903-en

Malware Config
Extracted
- darkcomet
- FF
- av360updat.redirectme.net:20
- av360updat.redirectme.net:3388
- suppressor.kicks-ass.org:3388
- suppressor.kicks-ass.org:8081
- DC_MUTEX-562ZLDG
- gencode: obeRpedZvBuz
- install: false
- offline_keylogger: true
- persistence: false

Targets
- Target: 75dc023575a4a7be24acb38b73a33147_JaffaCakes118
- Size: 955KB
- MD5: 75dc023575a4a7be24acb38b73a33147
- SHA1: 2001360213344b3f853585f3e514c65931c878c3
- SHA256: 458ebf3beca0fc0ecc5a48307a8a193792c26bc5e5c8f013047848aec2f9c5f3
- SHA512: 49b761816e8445c09f83b09b1ee24d6a76669c06a2143d131ab1419febfb962309202b462e71ebff03eefba2c3f13acbe5ba5b3bb41c073b6afeef0f3b909c9e
- SSDEEP: 12288:Q3tv7Kl0RFy1sNT68jtwa3qhh+92VVON0UNeo0/sZp:Z0fy1sNTdX3q/E2VEeG

- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Suspicious use of SetThreadContext