General
-
Target
608c12808ab06ae84d06db33c5a7f255_JaffaCakes118
-
Size
1.2MB
-
Sample
240721-pd81casdpn
-
MD5
608c12808ab06ae84d06db33c5a7f255
-
SHA1
55fac497c60e53bc065edc4aec23831c8d94f400
-
SHA256
d58561e9c5907fd68616709bdd774006dd4d9554b51b41c85e1c6ee5b676aaad
-
SHA512
07a4b854c15060c5db97c658851a4114cf1bb8e49de8153685713679d879661fcf32ff541581106e9f48b4db901631a581399327ae51a531c3ac883028dda1d3
-
SSDEEP
24576:my2fNlS9Kiyg44DewueDskVfC8Ty6DtRuxM4KhYI3V:1eNhNg4PGVfC8TyORJ7Yq
Malware Config
Targets
-
-
Target
608c12808ab06ae84d06db33c5a7f255_JaffaCakes118
-
Size
1.2MB
-
MD5
608c12808ab06ae84d06db33c5a7f255
-
SHA1
55fac497c60e53bc065edc4aec23831c8d94f400
-
SHA256
d58561e9c5907fd68616709bdd774006dd4d9554b51b41c85e1c6ee5b676aaad
-
SHA512
07a4b854c15060c5db97c658851a4114cf1bb8e49de8153685713679d879661fcf32ff541581106e9f48b4db901631a581399327ae51a531c3ac883028dda1d3
-
SSDEEP
24576:my2fNlS9Kiyg44DewueDskVfC8Ty6DtRuxM4KhYI3V:1eNhNg4PGVfC8TyORJ7Yq
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Executes dropped EXE
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-