General
-
Target
15e96bf01b639f9c64103ce11db0a348_JaffaCakes118
-
Size
273KB
-
Sample
240627-n3jw3szejg
-
MD5
15e96bf01b639f9c64103ce11db0a348
-
SHA1
761b2545dc9334191f993b5d3ad812ac4722a1e2
-
SHA256
4536fe2f77f6856971dc83bf4a37bbe81c25d6f15af4906ea6fe1a17ceebd066
-
SHA512
bead42c7d9ff23f5a49f7cf3f8b680ddae74bea5e4203af9a023d5e1d02f95ca682f96f3a341e2f8d23c62c05d96d32ccb4ce4d00d6cb10e228aa9e67d498cca
-
SSDEEP
6144:W1iJcYtR1HsvpSHY7KoSrfTNBuzZZcA1wnOLrMM4f:WkHcpSHY7VSrfT2/czO3HM
Malware Config
Targets
-
-
Target
15e96bf01b639f9c64103ce11db0a348_JaffaCakes118
-
Size
273KB
-
MD5
15e96bf01b639f9c64103ce11db0a348
-
SHA1
761b2545dc9334191f993b5d3ad812ac4722a1e2
-
SHA256
4536fe2f77f6856971dc83bf4a37bbe81c25d6f15af4906ea6fe1a17ceebd066
-
SHA512
bead42c7d9ff23f5a49f7cf3f8b680ddae74bea5e4203af9a023d5e1d02f95ca682f96f3a341e2f8d23c62c05d96d32ccb4ce4d00d6cb10e228aa9e67d498cca
-
SSDEEP
6144:W1iJcYtR1HsvpSHY7KoSrfTNBuzZZcA1wnOLrMM4f:WkHcpSHY7VSrfT2/czO3HM
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Modifies firewall policy service
-
Windows security bypass
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification
-
Suspicious use of SetThreadContext
-