General
-
Target
JaffaCakes118_24135c15c8859f8fc57cb8ce472932d4
-
Size
658KB
-
Sample
250226-hbqyesvpv4
-
MD5
24135c15c8859f8fc57cb8ce472932d4
-
SHA1
9b2254c38a7306f5c8195223ea970a8198a0bb48
-
SHA256
444e7e899dcdf819467de8bcd7e6ff9b783dd21d4d2295f2556af82d02c425dc
-
SHA512
8e7c11ac5e80cc550a2690170311b95c3997f6546ac2af40e94f3fe6e6c0bcb009470b3a023f56508d7d8395b479544ce68589fb77fba324e8cf663489bb7d0a
-
SSDEEP
12288:B9AFlAd0Z+89cxTGzO4AucTD8QP2lmFSrVs9LqnKq:3AQ6Zx9cxTmOrucTIEFSpOGT
Malware Config
Extracted
darkcomet
Guest16
127.0.0.1:1604
DC_MUTEX-F54S21D
-
gencode
jSU5o.=p�%Gb
-
install
false
-
offline_keylogger
true
-
persistence
false
Targets
-
-
Target
JaffaCakes118_24135c15c8859f8fc57cb8ce472932d4
-
Size
658KB
-
MD5
24135c15c8859f8fc57cb8ce472932d4
-
SHA1
9b2254c38a7306f5c8195223ea970a8198a0bb48
-
SHA256
444e7e899dcdf819467de8bcd7e6ff9b783dd21d4d2295f2556af82d02c425dc
-
SHA512
8e7c11ac5e80cc550a2690170311b95c3997f6546ac2af40e94f3fe6e6c0bcb009470b3a023f56508d7d8395b479544ce68589fb77fba324e8cf663489bb7d0a
-
SSDEEP
12288:B9AFlAd0Z+89cxTGzO4AucTD8QP2lmFSrVs9LqnKq:3AQ6Zx9cxTmOrucTIEFSpOGT
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Darkcomet family
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-