General
Target: JaffaCakes118_0f5c444a8fc12b40a7076e495855813b
Size: 708KB
Sample: 250221-bvaxzs1pw9
MD5: 0f5c444a8fc12b40a7076e495855813b
SHA1: fe527c1e874f522cd38ac18c31623654a4b0ba10
SHA256: 08a65355da81446434465f31be08fff8c0a6b6b3d2ab2c14cc903fbe01f39b53
SHA512: 9881939a73166e5a0f34837db8258f0abe77a90e121f48d784abcc45804a36d408f34daf0e8207e79048202b5ab85080f6011983b68d6285fde16e76d6247e7d
SSDEEP: 12288:HM6Lx8ckslStluh/g60Mi6ItMKp67/m5EZ2anOZnjWnpw2KtW31j6a9G85:HfxLleM/g60MpItvQ7Oq0aOcL31d
Static task
static1
Behavioral task
behavioral1
Sample
JaffaCakes118_0f5c444a8fc12b40a7076e495855813b.exe
Resource
win7-20240903-en
Malware Config
Extracted
darkcomet
gencode:
install: false
offline_keylogger: false
persistence: false
Extracted
darkcomet
Slave
otthon.no-ip.biz:1604
DC_MUTEX-VJNPWBG
gencode: V5Suo32cXR48
install: false
offline_keylogger: true
persistence: false
Targets
Target: JaffaCakes118_0f5c444a8fc12b40a7076e495855813b
- Darkcomet family
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext