General
Target: JaffaCakes118_931fd2df25c735a9fe6281aca92d154e
Size: 1.4MB
Sample: 250329-xkq24swwct
MD5: 931fd2df25c735a9fe6281aca92d154e
SHA1: b9cd9f2daa8ed036dfb28a586c7361946db65b49
SHA256: fd24ebf0579e4a7913ef3cbf447f761044368083c12d622e111512141f340f0f
SHA512: 32182cc3a4376507a8c60898d601130e3109ae16fee5aa3ebf6e9d50d0b4e3cd670d2d54c8e627b23a1a8604098d20caefaa255261f9c0494f9216f122389be3
SSDEEP: 24576:1mv86/nmFmu9FujCXCedRVioC8/77sNLgHu9uwsVx7IRUzJkTTX4JkTTX:1Rwn9pCSWXiU/729uRxPl2c2
Static task: static1
Behavioral task: behavioral1
Sample: JaffaCakes118_931fd2df25c735a9fe6281aca92d154e.exe
Resource: win7-20240903-en
Malware Config
Extracted: darkcomet
absolute2011.no-ip.org:1604
DC_MUTEX-H9KARFD
gencode: GfqXgvhYAhD-
install: false
offline_keylogger: false
persistence: false
Targets
Target: JaffaCakes118_931fd2df25c735a9fe6281aca92d154e
- Darkcomet family
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Suspicious use of SetThreadContext