General
Target: JaffaCakes118_206acb82dc788bfc164e71435da3a210
Size: 642KB
Sample: 250223-mxlm2stkdt
MD5: 206acb82dc788bfc164e71435da3a210
SHA1: 95e2d99b0dad201adfee3964056aadb9e32d5c7a
SHA256: 68d0f7db19607f4e66fcfea5394e9959d9210599379c6deb84674b9f5ff3559b
SHA512: 1a4165756fee1c802f36bc699bf97f884084050e152d7e6f3cfc5c6cc275cb11eef4421695a05258d64b787da2205bfed0d90f12d1c8c6ea76eb129cc9e4430d
SSDEEP: 12288:72a5NZ7U2H2EQtzuirlheAXFxLGNMRTSy9p4uVrXECDNsJx:720NZg2wtaAvpVpGNMpdx6H
Static task
static1
Behavioral task
behavioral1
Sample
JaffaCakes118_206acb82dc788bfc164e71435da3a210.exe
Resource
win7-20241023-en
Malware Config
Extracted
darkcomet
DC
WalruusHOST.No-Ip.biz:200
DC_MUTEX-QPJD4E3
gencode: G3GML55m11q1
install: false
offline_keylogger: true
persistence: false
Targets
-
-
Target
JaffaCakes118_206acb82dc788bfc164e71435da3a210
-
Darkcomet family
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-