General
Target: 3f3049e1470a2b2cbd5e5a8581df06f4_JaffaCakes118
Size: 1.2MB
Sample: 241013-lxhqqazhjf
MD5: 3f3049e1470a2b2cbd5e5a8581df06f4
SHA1: 3eb6f64051fc5c1aae042d5a0aed8b9a8bf2e2e9
SHA256: d8a07ee3c5b8c1495c2461e10703f6de8800db8e2a2ae2b3e3fa467747ea6204
SHA512: 2cecaf631a6b3682dcf289c44bf9ccc28dc7e6c690ca1ceeeae46d7555b6f282d4b1402ecda8473b50f147ba472aad70361845e30613fab87658d522138ee64a
SSDEEP: 24576:f79OKNSKZab8ihfodVkB8UGqflZNLD1P+Tcy:MKZHaSPld
Static task: static1
Behavioral task: behavioral1
Sample: 3f3049e1470a2b2cbd5e5a8581df06f4_JaffaCakes118.exe
Resource: win7-20240708-en
Malware Config
Extracted
latentbot
deuscrypter.zapto.org
Targets
Target: 3f3049e1470a2b2cbd5e5a8581df06f4_JaffaCakes118
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Defense Evasion
Hide Artifacts: 2
Hidden Files and Directories: 2
Modify Registry: 1