General
-
Target
f6d70f49f5591a869286ebe73d8e6a7c_JaffaCakes118
-
Size
746KB
-
Sample
240417-3vslksac23
-
MD5
f6d70f49f5591a869286ebe73d8e6a7c
-
SHA1
446780aff428eb8f96b136e19c2a3f591b6c1c4f
-
SHA256
952a8b918722a1c01fe28bf5399d5410ede22e48aab8f99a277266c31de9ff76
-
SHA512
0a78c9015877c8c80bdaaf671d120098fba9abd1be9a07155e3528c1e901e88b7c3f38ae615524f39242c7c0d05010082c046918afb29e2e16edaf2189f64c03
-
SSDEEP
12288:Z6A84PaHhfD/tV9sj5NKR0pau9XGyu2qBVGLQyTPfh:8AmBpVKHu0Mu9Xo20VGLVP5
Malware Config
Targets
-
-
Target
f6d70f49f5591a869286ebe73d8e6a7c_JaffaCakes118
-
Size
746KB
-
MD5
f6d70f49f5591a869286ebe73d8e6a7c
-
SHA1
446780aff428eb8f96b136e19c2a3f591b6c1c4f
-
SHA256
952a8b918722a1c01fe28bf5399d5410ede22e48aab8f99a277266c31de9ff76
-
SHA512
0a78c9015877c8c80bdaaf671d120098fba9abd1be9a07155e3528c1e901e88b7c3f38ae615524f39242c7c0d05010082c046918afb29e2e16edaf2189f64c03
-
SSDEEP
12288:Z6A84PaHhfD/tV9sj5NKR0pau9XGyu2qBVGLQyTPfh:8AmBpVKHu0Mu9Xo20VGLVP5
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Modifies firewall policy service
-
Modifies security service
-
Windows security bypass
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Sets file to hidden
Modifies file attributes to stop it showing in Explorer etc.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Windows security modification
-