General
-
Target
13803ebdba0993bab5f7229fd955972b_JaffaCakes118
-
Size
960KB
-
Sample
240626-z7j87axcmn
-
MD5
13803ebdba0993bab5f7229fd955972b
-
SHA1
a5e977d4dcdd53be60f0f48910d1b92ea7628202
-
SHA256
bbd2e79112498c9b3bf4c64a4843e7f54a260136846fcb3bbf123eee9c50225f
-
SHA512
457d97542f2114f95a526ab771fca972c6cc41bc07aa4106fa75973ef429f7562dc2e0cce0b146b82648a21459424ec0a395923394cfe5ca4fba05479c60b391
-
SSDEEP
12288:7kum12MecQTjV49hdWtuL+mi18X/x0JYBOVDaW9Aqhbfxb+FM9TqCPC04:hMXecGV4dRL+/1865VD7AAbJKuO
Malware Config
Targets
-
-
Target
13803ebdba0993bab5f7229fd955972b_JaffaCakes118
-
Size
960KB
-
MD5
13803ebdba0993bab5f7229fd955972b
-
SHA1
a5e977d4dcdd53be60f0f48910d1b92ea7628202
-
SHA256
bbd2e79112498c9b3bf4c64a4843e7f54a260136846fcb3bbf123eee9c50225f
-
SHA512
457d97542f2114f95a526ab771fca972c6cc41bc07aa4106fa75973ef429f7562dc2e0cce0b146b82648a21459424ec0a395923394cfe5ca4fba05479c60b391
-
SSDEEP
12288:7kum12MecQTjV49hdWtuL+mi18X/x0JYBOVDaW9Aqhbfxb+FM9TqCPC04:hMXecGV4dRL+/1865VD7AAbJKuO
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-