General
Target: JaffaCakes118_b9171682cddd15d71c00c2d4b4609fd0
Size: 1.2MB
Sample: 250207-tzl5xsymb1
MD5: b9171682cddd15d71c00c2d4b4609fd0
SHA1: 04f2e42481194d2f5c4b10674ceccc7e67d53a52
SHA256: e3443eebe1dd00ab38ec79e59fd1dd2049086ecb0ff8daa388a2e95e3bc81668
SHA512: 3db805cd9e3651deb78c02b967d3a3ea6b9d33587175147a2734571c137a31f80fdfd0ccdbcdd16795af1e946595410b0503224c624eb8cb6f5a4831456cb69f
SSDEEP: 24576:4ACAnPRbRFqY9WKAO/slOC8yKDwQzLYs0wiGLlIjfxiGbUlvs7twfIhqX2lJevV+:4AC0TJNs9pcFvIu
Static task: static1
Behavioral task: behavioral1
  Sample: JaffaCakes118_b9171682cddd15d71c00c2d4b4609fd0.exe
  Resource: win7-20241010-en
Behavioral task: behavioral2
  Sample: JaffaCakes118_b9171682cddd15d71c00c2d4b4609fd0.exe
  Resource: win10v2004-20250207-en
Malware Config
Extracted family: darkcomet
ID (botnet): g16
C2: nasload.hopto.org:4990
Mutex: DC_MUTEX-DN5UT82
Attributes:
  gencode: ZAEYRPsjDJAM
  install: false
  offline_keylogger: true
  password: ekoflash
  persistence: false
Targets
Target: JaffaCakes118_b9171682cddd15d71c00c2d4b4609fd0
Signatures:
- Blackshades family
- Blackshades payload
- Darkcomet family
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15
Privilege Escalation
  Boot or Logon Autostart Execution
    Registry Run Keys / Startup Folder (1)