General
- Target: JaffaCakes118_8f54fb212d78920e037e2955bf6b454b
- Size: 902KB
- Sample: 250329-wfrx6strt3
- MD5: 8f54fb212d78920e037e2955bf6b454b
- SHA1: 10901b97e5388b53a5d0f611f21760730d0207d5
- SHA256: 9e2c30c43202b34750a786441451ee0daa6b01dbcf6092e4987daf32fdf61088
- SHA512: be857da48c0de4f1ff29be364b75e161a6c3c8cf4bcdaac635a57429bf75f5affab27b456c269781cbd2cb559440b9e7eb6f546d09626858d18555586b4a96c8
- SSDEEP: 12288:qzEJ/nmBx/rEp5PNoGVhUSwmcCfv+F/RoouiGsR+a:2Snsrw1TV2pCO/RxuZha
Static task: static1
Behavioral task: behavioral1
- Sample: JaffaCakes118_8f54fb212d78920e037e2955bf6b454b.exe
- Resource: win7-20241010-en
Malware Config
Extracted: darkcomet (first configuration, incomplete)
- gencode: (empty)
- install: false
- offline_keylogger: false
- persistence: false
Extracted: darkcomet (second configuration)
- squeal: myronsqueal.no-ip.biz:1610 (network ID, with the C2 host and port; note the dynamic-DNS hostname and the non-default port rather than DarkComet's usual 1604)
- DC_MUTEX-CQWEFBJ (the mutex the RAT creates to avoid running twice; the DC_MUTEX- prefix is characteristic of DarkComet)
- gencode: 2jkoKMSjkGrH
- install: false
- offline_keylogger: true
- persistence: false
The two extractions disagree on offline_keylogger; the second, which also carries the C2 and mutex, is the usable one. Both report install and persistence as false, so the startup-file drop seen in the behavioral signatures below comes from the sample's own loader logic rather than from the DarkComet install option.
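The C2 host, port and mutex above are the indicators a triage analyst actually pivots on. The following script is an added example, not part of the sandbox report or of any tool the report was produced by. It holds the report's own hashes and extracted configuration as data, verifies a file's digests against the listed hashes, splits the host:port string, and runs the indicators over a few constructed event lines in a simple `kind key=value` format (the line format and the sample lines are assumptions made for the example; only the hashes, host, port, mutex and gencode come from the page).

```python
import hashlib
import re

# Hashes copied from the sandbox report above.
REPORT_HASHES = {
    "md5": "8f54fb212d78920e037e2955bf6b454b",
    "sha1": "10901b97e5388b53a5d0f611f21760730d0207d5",
    "sha256": "9e2c30c43202b34750a786441451ee0daa6b01dbcf6092e4987daf32fdf61088",
    "sha512": "be857da48c0de4f1ff29be364b75e161a6c3c8cf4bcdaac635a57429bf75f5affab27b456c269781cbd2cb559440b9e7eb6f546d09626858d18555586b4a96c8",
}

# The second (complete) DarkComet configuration extracted by the sandbox.
DARKCOMET_CONFIG = {
    "network_id": "squeal",
    "c2": "myronsqueal.no-ip.biz:1610",
    "mutex": "DC_MUTEX-CQWEFBJ",
    "gencode": "2jkoKMSjkGrH",
    "install": False,
    "offline_keylogger": True,
    "persistence": False,
}

# Constructed event lines for the example; they are NOT taken from the report.
SAMPLE_EVENTS = [
    "dns_query name=myronsqueal.no-ip.biz",
    "mutex_create name=DC_MUTEX-CQWEFBJ",
    "tcp_connect dst_host=myronsqueal.no-ip.biz dst_port=1610",
    "dns_query name=update.example.com",
    "tcp_connect dst_host=update.example.com dst_port=443",
]

FIELD_RE = re.compile(r"(\w+)=(\S+)")


def compute_hashes(data: bytes) -> dict:
    """Digest the bytes with the four algorithms the report lists."""
    return {algo: hashlib.new(algo, data).hexdigest()
            for algo in ("md5", "sha1", "sha256", "sha512")}


def matching_hashes(data: bytes, known: dict) -> set:
    """Return the algorithms whose digest of `data` equals the known IOC value."""
    computed = compute_hashes(data)
    return {algo for algo, digest in known.items()
            if computed.get(algo) == digest.lower()}


def parse_c2(c2: str) -> tuple:
    """Split 'host:port' into (host, port); rpartition keeps hosts with colons intact."""
    host, _, port = c2.rpartition(":")
    if not host or not port.isdigit():
        raise ValueError(f"bad C2 string: {c2!r}")
    return host.lower(), int(port)


def parse_event(line: str) -> tuple:
    """'kind k=v k=v' -> (kind, {k: v}); assumed log shape for this example."""
    kind, _, rest = line.partition(" ")
    return kind, dict(FIELD_RE.findall(rest))


def scan_events(lines, config: dict) -> list:
    """Match DNS lookups, connections and mutex creations against the config."""
    host, port = parse_c2(config["c2"])
    hits = []
    for line in lines:
        kind, fields = parse_event(line)
        name = fields.get("name", "").lower()
        if kind == "dns_query" and (name == host or name.endswith("." + host)):
            hits.append(("c2_dns", line))
        elif (kind == "tcp_connect"
              and fields.get("dst_host", "").lower() == host
              and fields.get("dst_port") == str(port)):
            hits.append(("c2_connect", line))
        elif kind == "mutex_create" and fields.get("name") == config["mutex"]:
            hits.append(("darkcomet_mutex", line))
    return hits


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            print("hash matches:", matching_hashes(fh.read(), REPORT_HASHES))
    for rule, line in scan_events(SAMPLE_EVENTS, DARKCOMET_CONFIG):
        print(f"{rule:16} {line}")
```

Run it with a file path to compare that file against the report's hashes; with no arguments it only scans the constructed events. A hostname match on a no-ip.biz domain is the durable indicator here, since the resolved IP of a dynamic-DNS name changes; the port check is kept attached to the host precisely because port 1610 alone would be noisy.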
Targets
- Target: JaffaCakes118_8f54fb212d78920e037e2955bf6b454b, 902KB (same file and hashes as listed under General)
Signatures triggered:
- Darkcomet family
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution (vbc.exe, the .NET Visual Basic compiler, is launched; it is a signed Microsoft binary and a common host for injected code)
- Suspicious use of SetThreadContext (together with the vbc.exe launch this is consistent with process hollowing of a freshly created process, which is how DarkComet's RunPE-style loader normally runs the RAT; the report itself does not name the target process)
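The last three signatures describe a chain that is easy to miss as separate alerts but obvious when correlated: a file written to the Startup folder, a process started from a path the sample just wrote, and vbc.exe spawned by something that is not a build tool. The detection below is an added example, not code from the sandbox or its signature set. It runs three rules over constructed Sysmon-style process-create and file-create records (the paths, PIDs, user name and dropped file name are assumptions made for the example; the parent-process allowlist is likewise an assumption to be tuned per environment).

```python
# Constructed Sysmon-style events for the example; not taken from the report.
SAMPLE_PATH = r"C:\Users\user\Desktop\JaffaCakes118_8f54fb212d78920e037e2955bf6b454b.exe"
STARTUP_DIR = r"C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup"
VBC_PATH = r"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
DROPPED_EXE = STARTUP_DIR + r"\updater.exe"   # assumed name of the dropped file

SAMPLE_EVENTS = [
    {"type": "process_create", "pid": 100, "image": SAMPLE_PATH,
     "parent_image": r"C:\Windows\explorer.exe", "cmdline": SAMPLE_PATH},
    # "Drops startup file"
    {"type": "file_create", "pid": 100, "target": DROPPED_EXE},
    # "Uses the VBS compiler for execution": vbc.exe with no source files to compile
    {"type": "process_create", "pid": 101, "image": VBC_PATH,
     "parent_image": SAMPLE_PATH, "cmdline": VBC_PATH},
    # "Executes dropped EXE"
    {"type": "process_create", "pid": 102, "image": DROPPED_EXE,
     "parent_image": SAMPLE_PATH, "cmdline": DROPPED_EXE},
    # Benign: a real build invoking vbc.exe with a response file
    {"type": "process_create", "pid": 200, "image": VBC_PATH,
     "parent_image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe",
     "cmdline": VBC_PATH + r" /noconfig @C:\build\obj\Release\app.rsp"},
]

# Assumed allowlist of parents that legitimately launch vbc.exe.
BUILD_PARENTS = {"msbuild.exe", "devenv.exe", "vbcscompiler.exe"}
STARTUP_MARKER = "\\start menu\\programs\\startup\\"


def basename(path: str) -> str:
    """Lower-cased file name component of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def looks_like_real_compile(cmdline: str) -> bool:
    """A genuine compile passes sources, a response file, or an output switch."""
    low = cmdline.lower()
    return ".vb" in low or "@" in low or "/out:" in low


def detect(events) -> list:
    """Return (rule, pid) hits; order of events matters for the dropped-EXE rule."""
    hits = []
    dropped = set()   # paths written by file_create events seen so far
    for ev in events:
        if ev["type"] == "file_create":
            target = ev["target"]
            dropped.add(target.lower())
            if STARTUP_MARKER in target.lower():
                hits.append(("startup_drop", ev["pid"]))
        elif ev["type"] == "process_create":
            image = ev["image"]
            if image.lower() in dropped:
                hits.append(("dropped_exe_executed", ev["pid"]))
            if basename(image) == "vbc.exe":
                parent = basename(ev["parent_image"])
                if parent not in BUILD_PARENTS and not looks_like_real_compile(ev["cmdline"]):
                    hits.append(("vbc_no_build_context", ev["pid"]))
    return hits


if __name__ == "__main__":
    for rule, pid in detect(SAMPLE_EVENTS):
        print(f"{rule:22} pid={pid}")
```

Sysmon does not log SetThreadContext itself; what a host sensor sees is the vbc.exe process created by a non-build parent, usually followed by a ProcessAccess event from that parent with thread-context and memory-write rights. The vbc.exe rule above is therefore the practical proxy for the "Suspicious use of SetThreadContext" signature, and the benign MSBuild event shows why the command line and parent must both be checked before alerting on the compiler alone.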