General
Target: 8c59df2671f68c6026ca254483bf189c_JaffaCakes118
Size: 1.5MB
Sample: 241103-tp3pxsyfrk
MD5: 8c59df2671f68c6026ca254483bf189c
SHA1: 7d9b000aff2e1230f912538784227f9dae811a16
SHA256: 33f13a29c8ecc5ad7056321e73aaf84217ec9ba685814fb34120b4f3ad6900dd
SHA512: d5c5d53b2f54c74cbcaa27ba33c014d0228475a020057bf83ec259e78c00085ee7c7239339c25d50febbad568367c72a28d6be5b2c77c3ee3f46d63e5f5db903
SSDEEP: 24576:oRmJkcoQricOIQxiZY1iafBWtL/YerMytPZyyJ7:NJZoQrbTFZY1iafBWBYSBJ7
Static task: static1
Behavioral task: behavioral1
Sample: 8c59df2671f68c6026ca254483bf189c_JaffaCakes118.exe
Resource: win7-20240903-en
Malware Config
Extracted: darkcomet
Msconfig32
greatgiggles.zapto.org:9001
DC_MUTEX-EAB1BX6
gencode: TQgQFlfVslb7
install: false
offline_keylogger: true
persistence: false
Extracted: latentbot
greatgiggles.zapto.org
Targets
Target: 8c59df2671f68c6026ca254483bf189c_JaffaCakes118 (size and hashes as listed under General above)
- Darkcomet family
- Latentbot family
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops startup file
- Suspicious use of SetThreadContext