General
-
Target
3f08e90cbcd4bbed6d4f288ee78ea10b_JaffaCakes118
-
Size
378KB
-
Sample
241013-k99vastdlp
-
MD5
3f08e90cbcd4bbed6d4f288ee78ea10b
-
SHA1
93644927810b27bb2018a489d2b387083bd0cc72
-
SHA256
ca6d6e3220f13714a706d40336c206d5366ee5e040353814b63048077913aef6
-
SHA512
5d7e2f24179d2ab31eb2810e1de02cf18266996a8d66a86358f1e9e52edf5ea7caf3ac24d4982091dbecf0cf36e7cf8b0aa5e6ae5011178c463eb25fd2753226
-
SSDEEP
6144:Mauz2cK7tAS7lgCnoV7jL6MflAGo/sh6ZRnWfkTtiBg0AspqVKJgvPqzVM39cz/1:MHov7lToVIp7gOYg0TL+PUVMtcz/SYim
Malware Config
Targets
-
-
Target
3f08e90cbcd4bbed6d4f288ee78ea10b_JaffaCakes118
-
Size
378KB
-
MD5
3f08e90cbcd4bbed6d4f288ee78ea10b
-
SHA1
93644927810b27bb2018a489d2b387083bd0cc72
-
SHA256
ca6d6e3220f13714a706d40336c206d5366ee5e040353814b63048077913aef6
-
SHA512
5d7e2f24179d2ab31eb2810e1de02cf18266996a8d66a86358f1e9e52edf5ea7caf3ac24d4982091dbecf0cf36e7cf8b0aa5e6ae5011178c463eb25fd2753226
-
SSDEEP
6144:Mauz2cK7tAS7lgCnoV7jL6MflAGo/sh6ZRnWfkTtiBg0AspqVKJgvPqzVM39cz/1:MHov7lToVIp7gOYg0TL+PUVMtcz/SYim
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Modifies firewall policy service
-
Windows security bypass
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Executes dropped EXE
-
Loads dropped DLL
-
Windows security modification
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-