General
Target: ecbe2788da186fb254c618b21d446303_JaffaCakes118
Size: 594KB
Sample: 240920-dwbxsawbmh
MD5: ecbe2788da186fb254c618b21d446303
SHA1: 0e261dd24f00ad297e93086d9cf1326933137997
SHA256: 2450d1e8bea7cb4606191aa62c208974ab98f7ac3dcefa6a3b09286818a1168d
SHA512: 93041cb0cf554684a197af525caba96da02f0b45b2d3aa23e140e6ca9c15bb9c4b7f3001fd0f3410a9d2ffacecb47027f742fb10982f87b180462c60cb723bf9
SSDEEP: 12288:jK2mhAMJ/cPl+RhW13QPKP21+UDgni/O6AcEeC1d5MytGkNErbYy43AS+HGW+w5l:G2O/Gl+zSQPKP21dD+R6AcEeC1dxzNED
Static task: static1
Behavioral task: behavioral1
Sample: ecbe2788da186fb254c618b21d446303_JaffaCakes118.exe
Resource: win7-20240903-en
Malware Config
Extracted: darkcomet
Trillian
essstzttztz.zapto.org:1612
DC_MUTEX-1KBKQVH
gencode: nrKvEnTT3cgT
install: false
offline_keylogger: true
persistence: false
Extracted: latentbot
essstzttztz.zapto.org
Targets
Target: ecbe2788da186fb254c618b21d446303_JaffaCakes118
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext