General
-
Target
ee7493d6b299d59fdc2267639a1631c8_JaffaCakes118
-
Size
423KB
-
Sample
241214-m71jyszlgx
-
MD5
ee7493d6b299d59fdc2267639a1631c8
-
SHA1
a457f7fb450b5bf14bcd30456a6d340c0f66d31b
-
SHA256
ef5f586a3eca3d5d12d5d20e69a5d2c1a3c72fc66cd561703afafbad3678593b
-
SHA512
9608eabd8465494a00cbafc60c307cf379de89cfc4d8d3c4cf1ac9230f0552b599ac49705a5b1611a850120f1a34b0bf4d5cc1ade4065e78805ff9453218944c
-
SSDEEP
12288:9HClQ+4hlLZB2Za37Pw/p3JG9ga3MlGqTUDoUkHVg96k6xj:ZC4ga37PM3JSzMlGTrwj
Malware Config
Extracted
darkcomet
Guest16
canoow.zapto.org:1202
DC_MUTEX-F54S21D
-
gencode
ClAmutivr9eS
-
install
false
-
offline_keylogger
true
-
persistence
false
Targets
-
-
Target
ee7493d6b299d59fdc2267639a1631c8_JaffaCakes118
-
Size
423KB
-
MD5
ee7493d6b299d59fdc2267639a1631c8
-
SHA1
a457f7fb450b5bf14bcd30456a6d340c0f66d31b
-
SHA256
ef5f586a3eca3d5d12d5d20e69a5d2c1a3c72fc66cd561703afafbad3678593b
-
SHA512
9608eabd8465494a00cbafc60c307cf379de89cfc4d8d3c4cf1ac9230f0552b599ac49705a5b1611a850120f1a34b0bf4d5cc1ade4065e78805ff9453218944c
-
SSDEEP
12288:9HClQ+4hlLZB2Za37Pw/p3JG9ga3MlGqTUDoUkHVg96k6xj:ZC4ga37PM3JSzMlGTrwj
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Darkcomet family
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-