General
-
Target
15ad62d680dc9a102726839e40947cca_JaffaCakes118
-
Size
944KB
-
Sample
240627-mnpy4swhrb
-
MD5
15ad62d680dc9a102726839e40947cca
-
SHA1
2c86c551936166fffa254ec476cf32819b983ee8
-
SHA256
60813671d05bc0395d22388516b95cab683d03368fdcbfa5653b4aae9f1dc4ef
-
SHA512
3060257623a248f3332f98168248a44c78829cf49d5f19ee4e5cc8dd8ec7cf506c483f4c3cfb2c8f25fb772ad31e739e1e49db15b1c1c930845caee560057970
-
SSDEEP
24576:7uNkB2n5nfgrkrknV/uGTshqQgNBIBDTIUkMBtnxDQ:r2R2WkRuhhPgNSBDpXxDQ
Malware Config
Extracted
darkcomet
vic
samir9.no-ip.biz:1604
DC_MUTEX-8L7F27W
-
gencode
EhW4Tz7tm6tv
-
install
false
-
offline_keylogger
true
-
persistence
false
Targets
-
-
Target
15ad62d680dc9a102726839e40947cca_JaffaCakes118
-
Size
944KB
-
MD5
15ad62d680dc9a102726839e40947cca
-
SHA1
2c86c551936166fffa254ec476cf32819b983ee8
-
SHA256
60813671d05bc0395d22388516b95cab683d03368fdcbfa5653b4aae9f1dc4ef
-
SHA512
3060257623a248f3332f98168248a44c78829cf49d5f19ee4e5cc8dd8ec7cf506c483f4c3cfb2c8f25fb772ad31e739e1e49db15b1c1c930845caee560057970
-
SSDEEP
24576:7uNkB2n5nfgrkrknV/uGTshqQgNBIBDTIUkMBtnxDQ:r2R2WkRuhhPgNSBDpXxDQ
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-