General
-
Target
JaffaCakes118_59bb1deed3bfcf5587feebd4021b089e
-
Size
686KB
-
Sample
250129-wjdjysvmez
-
MD5
59bb1deed3bfcf5587feebd4021b089e
-
SHA1
8474e18cda8e900ac70af5c875f14212a5549e65
-
SHA256
44b5ce8318f743afafc7c37ea116c5338e8c6646a3b3ff97d1a56e9a4a5e0268
-
SHA512
b400395aabd5e9618204fc0874543a37f651cf968f80c81b66e5ac002c2e60eaf7765d9c044324ae4209530918cb6c9b81f71be721e7f48a81d5cbbf341793ba
-
SSDEEP
12288:OAVztrMX0BMJDVJw6Gm+zpSVF1I1COJWx4KzWihXOpJnJeiIbl/lf:TLr78VK6EzAVF1I1CO8PzWiMJnJS5/lf
Malware Config
Extracted
darkcomet
Guest16
127.0.0.1:1604
DC_MUTEX-UJH6YCJ
-
gencode
NrFa8ixUVNaU
-
install
false
-
offline_keylogger
true
-
persistence
false
Targets
-
-
Target
JaffaCakes118_59bb1deed3bfcf5587feebd4021b089e
-
Size
686KB
-
MD5
59bb1deed3bfcf5587feebd4021b089e
-
SHA1
8474e18cda8e900ac70af5c875f14212a5549e65
-
SHA256
44b5ce8318f743afafc7c37ea116c5338e8c6646a3b3ff97d1a56e9a4a5e0268
-
SHA512
b400395aabd5e9618204fc0874543a37f651cf968f80c81b66e5ac002c2e60eaf7765d9c044324ae4209530918cb6c9b81f71be721e7f48a81d5cbbf341793ba
-
SSDEEP
12288:OAVztrMX0BMJDVJw6Gm+zpSVF1I1COJWx4KzWihXOpJnJeiIbl/lf:TLr78VK6EzAVF1I1CO8PzWiMJnJS5/lf
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Darkcomet family
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-