General
- Target: 018ead3dd8a79fda90f3fbb1449d5856_JaffaCakes118
- Size: 14.8MB
- Sample: 240622-l4xs8axdjr
- MD5: 018ead3dd8a79fda90f3fbb1449d5856
- SHA1: 3dcddc349e2e2d52dff78f3fd38a9392ca58606a
- SHA256: 0bd959cee88096ce20dce40074cf2c46ac12a234e469c21b5571b5a730961a36
- SHA512: 0f7c8f55bd94342c8e194a421e6889b1385b396f911a815f7e95ae285744c9c3301a875ffadf4c5009ad27abc98f1c1a8555ee73cab4c7c2eccd09d421145cf3
- SSDEEP: 49152:UvDcWRW/jMwVDZzFor7DzKPp4R1QYnqOzFq+saeqqKnqIiHqYoSs604Ahcn1F7UK:
Static task: static1
Behavioral task: behavioral1
Sample: 018ead3dd8a79fda90f3fbb1449d5856_JaffaCakes118.exe
Resource: win7-20240221-en
Malware Config
Targets
- Target: 018ead3dd8a79fda90f3fbb1449d5856_JaffaCakes118
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext