General
-
Target
JaffaCakes118_0113bc0a759a370a3fef7c88354cee99
-
Size
1.3MB
-
Sample
250218-wje3sawn12
-
MD5
0113bc0a759a370a3fef7c88354cee99
-
SHA1
6978508b1711a6024d4ba068955b6869ee6be718
-
SHA256
94981406a2aa1c6dc1b198a2281efe4464aa3d9bf9923e7c8bd3e6f81198cd4a
-
SHA512
9e6c828f68f64b5f09dd3e5ca0306d3011c73457d0787357a48cdfa41f1cdf84dabb2db52bcb5d6a64c2b44b939aab5e1b74730fbfce1d1b281e264c9369da3c
-
SSDEEP
24576:1OTeITnkOPoEykf34/fLsl4CG7VBlB85KxCXBv5WmJa4:0T1mEy/hn85E
Static task
static1
Behavioral task
behavioral1
Sample
JaffaCakes118_0113bc0a759a370a3fef7c88354cee99.exe
Resource
win7-20240903-en
Malware Config
Extracted
darkcomet
Guest16
gospish.no-ip.biz:1604
DC_MUTEX-3SPJBTE
-
gencode
NsfPWgwSw=/�
-
install
false
-
offline_keylogger
false
-
persistence
false
Targets
-
Target
JaffaCakes118_0113bc0a759a370a3fef7c88354cee99
-
Darkcomet family
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up the country code configured in the registry, most likely as a geofence check before the payload runs.
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
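A hunt over host telemetry for the indicators this report lists, as an added example that is not part of the original sandbox report. It takes the C2 host and port and the mutex name from the extracted config above, and the vbc.exe host process and Run key write from the behavioural signatures. Note that the extracted config says persistence is false while the behavioural task still flags a Run key, so the Run key check is kept. The Sysmon-like event shape, the "Updater" value name, the user-writable-path heuristic for the vbc.exe parent, and the DC_MUTEX- prefix match for other builds are assumptions made for this example; every event record is constructed inline and is not real capture data.

```python
"""Hunt the host-level indicators this report attributes to the sample.

Added example, not part of the original sandbox report. Indicators (C2
host/port, mutex, vbc.exe host process, Run key persistence) are lifted from
the report; the telemetry records are constructed by hand in a Sysmon-like
shape for the demonstration and are not real capture data.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Indicators from the "Malware Config" section of the report.
C2_HOST = "gospish.no-ip.biz"
C2_PORT = 1604
MUTEX = "DC_MUTEX-3SPJBTE"

# HKCU/HKLM ...\CurrentVersion\Run and RunOnce ("Adds Run key to start application").
RUN_KEY_RE = re.compile(r"\\software\\microsoft\\windows\\currentversion\\run(once)?\\", re.I)
# Assumption: other builds of the family keep the DC_MUTEX- prefix with a different
# per-build suffix, so a prefix match is reported separately from the exact match.
DC_MUTEX_RE = re.compile(r"^DC_MUTEX-[A-Z0-9]+$")
# Assumption: a vbc.exe whose parent lives in a user-writable directory is not a
# build job but a hollowing host ("Uses the VBS compiler for execution").
USER_WRITABLE_RE = re.compile(r"\\(appdata|temp|downloads|public)\\", re.I)


@dataclass
class Event:
    kind: str                        # "process" | "registry" | "mutex" | "dns" | "net"
    fields: dict = field(default_factory=dict)


def match_event(ev: Event) -> list[str]:
    """Return the indicator names a single event satisfies (empty list if none)."""
    f = ev.fields
    hits: list[str] = []
    if ev.kind == "dns" and f.get("query", "").lower() == C2_HOST:
        hits.append("c2-dns")
    if ev.kind == "net" and f.get("dst_host", "").lower() == C2_HOST and f.get("dst_port") == C2_PORT:
        hits.append("c2-connect")
    if ev.kind == "mutex":
        name = f.get("name", "")
        if name == MUTEX:
            hits.append("mutex-exact")
        elif DC_MUTEX_RE.match(name):
            hits.append("mutex-family")
    if ev.kind == "registry" and RUN_KEY_RE.search(f.get("key", "")):
        hits.append("run-key")
    if ev.kind == "process":
        image = f.get("image", "").lower()
        parent = f.get("parent_image", "").lower()
        # Pairs with "Suspicious use of SetThreadContext": the injected host process.
        if image.endswith("\\vbc.exe") and USER_WRITABLE_RE.search(parent):
            hits.append("vbc-host")
    return hits


def hunt(events: list[Event]) -> dict[int, list[str]]:
    """Map each event index to its indicator hits; events with no hit are omitted."""
    return {i: h for i, ev in enumerate(events) if (h := match_event(ev))}


def triage_verdict(events: list[Event]) -> tuple[str, set[str]]:
    """'darkcomet' needs a family-specific indicator (mutex or C2); behaviour-only
    hits (Run key, vbc.exe host) give 'suspicious'; nothing gives 'clean'."""
    seen = {h for hits in hunt(events).values() for h in hits}
    family = {"mutex-exact", "mutex-family", "c2-dns", "c2-connect"}
    if seen & family:
        return "darkcomet", seen
    if seen:
        return "suspicious", seen
    return "clean", seen


# Constructed telemetry resembling what the behavioural task above would produce.
SAMPLE_DROP = r"C:\Users\victim\AppData\Local\Temp\JaffaCakes118_0113bc0a759a370a3fef7c88354cee99.exe"
SAMPLE_EVENTS = [
    Event("process", {"image": SAMPLE_DROP, "parent_image": r"C:\Windows\explorer.exe"}),
    Event("process", {"image": r"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe",
                      "parent_image": SAMPLE_DROP}),
    # "Updater" is a placeholder value name; the report does not give the real one.
    Event("registry", {"key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
                       "value": SAMPLE_DROP}),
    Event("mutex", {"name": MUTEX}),
    Event("dns", {"query": C2_HOST}),
    Event("net", {"dst_host": C2_HOST, "dst_port": C2_PORT}),
    Event("dns", {"query": "www.example.com"}),   # benign noise, should not hit
]

if __name__ == "__main__":
    for idx, hits in hunt(SAMPLE_EVENTS).items():
        print(idx, SAMPLE_EVENTS[idx].kind, hits)
    print(triage_verdict(SAMPLE_EVENTS))
```

The verdict deliberately separates family-specific indicators from behaviour-only ones: a Run key write or a vbc.exe child on its own is common enough on developer machines to warrant only a look, whereas the mutex name or the no-ip C2 host ties the activity to this build.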