General
Target: JaffaCakes118_b72e3f8de2208c223f1b3c43bc33c40f
Size: 1.1MB
Sample: 250207-p24qjasngj
MD5: b72e3f8de2208c223f1b3c43bc33c40f
SHA1: 60e5fca492812730972e01e15c24554ad07d1712
SHA256: 26c087a30ff5843dd5cd9fa5f0077cc8550f698f0e63de15637023596dd383ca
SHA512: a5d23404716c9d0e8cf934465d57eecf36e3a5f3033eb12e4fc13c73d561b54573a7e87c047c599837d605de9f1fb9b4df8837315f1c792c631668557b2e5588
SSDEEP: 12288:fkq2lbFpfgjxFRpQqrfd0MzmUOLhnK2higmjQlQHeQ1ag4fobbcAIPJm6Lbagtbf:f8yjtxqLhnphigwQljAb0xjaeFb
Static task: static1
Behavioral task: behavioral1
Sample: JaffaCakes118_b72e3f8de2208c223f1b3c43bc33c40f.exe
Resource: win7-20240903-en
Malware Config
Extracted
darkcomet
TestGuest
ernesc.no-ip.biz:4662
DC_MUTEX-EGAZCCU
gencode: NDJLcwT5ytCM
install: false
offline_keylogger: true
password: h8you
persistence: false
Targets
-
-
Target
JaffaCakes118_b72e3f8de2208c223f1b3c43bc33c40f
-
Darkcomet family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-