General
Target: JaffaCakes118_3a845927764d4cb6aa3abb1631cd68e3fee94680bed9eac98815aa4c0374ebd5
Size: 283KB
Sample: 241229-cq61aszjfp
MD5: 720f3e3f13361588cb4d25d0ede94d61
SHA1: 500d7420920d688273ca3068d828c9ca846e839a
SHA256: 3a845927764d4cb6aa3abb1631cd68e3fee94680bed9eac98815aa4c0374ebd5
SHA512: e865e14753a3de156c6d4189133d681e196e0c20978aaacd425df488749057fadecb216f08f5cbdbec255ec2ccfa6e527a64574066a6ea9f1845ae55e9d9a59a
SSDEEP: 6144:MfgqLAAHsirOXxGv9JaAJjNuTRoUUJwzcpp:s/A7C4xadJORHUJwcH
Static task: static1
Behavioral task: behavioral1
Sample: 86BE02A8682E584E135380D6E0FC60CF6AE80417CC195BB2C02C1AF1B51FE438.exe
Resource: win7-20240903-en
Malware Config
Extracted
darkcomet
jhgjlg
bonda7678.ddns.net:7678
DCMIN_MUTEX-P1E7YQD
gencode: xh9S271HqNkk
install: false
offline_keylogger: true
persistence: false
Targets
Target: 86BE02A8682E584E135380D6E0FC60CF6AE80417CC195BB2C02C1AF1B51FE438
Size: 292KB
MD5: 08a59e2c9ffb12836ab61cd45d1470fa
SHA1: 4c5a205e220f3d75c45186c365f6c5d02a19c218
SHA256: 86be02a8682e584e135380d6e0fc60cf6ae80417cc195bb2c02c1af1b51fe438
SHA512: bea8ddb4699b3397d4ca2487b64ec5e6ba5d9b26958d3c77c78b03bb23b9ba03ed025accc8e69d54c7f31196d6c8de9dd813e1a488927336fb75cd9e1a1c8990
SSDEEP: 6144:KtOdwLgxbcvr0x0ssTh0ZfjL4UVLpKb0p0KKAo+6k8sEXO3nRqflm:kOdwLgFFLW0ZL7jKYaKKAoBkx4O3RqN
Darkcomet family
Adds Run key to start application
Suspicious use of SetThreadContext