General
- Target: JaffaCakes118_268667073c17eeb25c92a7409c324d4a
- Size: 1.9MB
- Sample: 250226-rm3k2asmx7
- MD5: 268667073c17eeb25c92a7409c324d4a
- SHA1: 3958d919bec76e459f49beb448e5e15938b0fc8e
- SHA256: 955496694e023d1c084e4c719e501c7f6e3908d98c380e597aca93f0931be375
- SHA512: 24d14e5880f8baf543032fcf51078481a7680407248e31181621c51a3979e7b019082f66f28268257a529808101d34d4f794e130fed2b5c2c8e0ec3622a3f226
- SSDEEP: 12288:Sm6+ZMvTxT4Jf6qQqR2kSBjg4xk60+7RGR1ExvkJdnLSAfmIzvGsXfVrHDGLqgTr:SSSnhwmJAqC9uGuFPKXDnsnTbich1
Static task: static1
Behavioral task: behavioral1
Sample: JaffaCakes118_268667073c17eeb25c92a7409c324d4a.exe
Resource: win7-20240903-en
Malware Config
Extracted
darkcomet
Guest16
kroftyminecraft.no-ip.org:1604
DC_MUTEX-RNGJX9D
- gencode
- install: false
- offline_keylogger: false
- persistence: false
- reg_key: winupdater
Targets
- Target: JaffaCakes118_268667073c17eeb25c92a7409c324d4a
- Darkcomet family
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE