General
-
Target
f5f6a9dc81942c0e2b8578dd911db8b5_JaffaCakes118
-
Size
1.3MB
-
Sample
240417-rk9xbsbd93
-
MD5
f5f6a9dc81942c0e2b8578dd911db8b5
-
SHA1
90007e58af0b0245f4876055e2cf345dc4bd95e9
-
SHA256
d8fc0bb9e2ff933ba6b2e72023694a3e3aa21b0764c863096f29023443a97921
-
SHA512
2dce216ad0bcf8933f4b6781277ba963766234957c1dd138239abe69722bab5034c5a25203f79583a74099250ca57c88b3a34448cb1f9ccf40b64f0f13302356
-
SSDEEP
12288:caAchpWsuVTv7ItY8XljyypHP7cOLBev03hlULsmWZ++09ZcKDVsgdSk6t3a6F:dAEENIq8XwyVPQclDq/+WnpsSSkb6F
Malware Config
Targets
-
-
Target
f5f6a9dc81942c0e2b8578dd911db8b5_JaffaCakes118
-
Size
1.3MB
-
MD5
f5f6a9dc81942c0e2b8578dd911db8b5
-
SHA1
90007e58af0b0245f4876055e2cf345dc4bd95e9
-
SHA256
d8fc0bb9e2ff933ba6b2e72023694a3e3aa21b0764c863096f29023443a97921
-
SHA512
2dce216ad0bcf8933f4b6781277ba963766234957c1dd138239abe69722bab5034c5a25203f79583a74099250ca57c88b3a34448cb1f9ccf40b64f0f13302356
-
SSDEEP
12288:caAchpWsuVTv7ItY8XljyypHP7cOLBev03hlULsmWZ++09ZcKDVsgdSk6t3a6F:dAEENIq8XwyVPQclDq/+WnpsSSkb6F
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-