General
-
Target
1ed3a30529c25537a70993a0478a029e_JaffaCakes118
-
Size
1.6MB
-
Sample
240702-lk8rdawfjc
-
MD5
1ed3a30529c25537a70993a0478a029e
-
SHA1
8a455031007c9feacf4fb14805497f45bda2507f
-
SHA256
d8406ff8ea0c926788e1db38f183c38eecb4b7befb0097c8806231e4afbf437a
-
SHA512
65003730d55d2c0ff7525be95d137999f542cc1f52c3ad3fc4cce373e3d15bf75e4e9f136f7f9779d78fa28eb723d422566cd92ea7389f0e635ca7a2563b6c65
-
SSDEEP
24576:xP2qLCpAoeMovS77qhRMikWTasvYJrB8dsKfLKZqREVivLX9:xP2GCpAoeMqS77aRMiU6yVivLX
Malware Config
Targets
-
-
Target
1ed3a30529c25537a70993a0478a029e_JaffaCakes118
-
Size
1.6MB
-
MD5
1ed3a30529c25537a70993a0478a029e
-
SHA1
8a455031007c9feacf4fb14805497f45bda2507f
-
SHA256
d8406ff8ea0c926788e1db38f183c38eecb4b7befb0097c8806231e4afbf437a
-
SHA512
65003730d55d2c0ff7525be95d137999f542cc1f52c3ad3fc4cce373e3d15bf75e4e9f136f7f9779d78fa28eb723d422566cd92ea7389f0e635ca7a2563b6c65
-
SSDEEP
24576:xP2qLCpAoeMovS77qhRMikWTasvYJrB8dsKfLKZqREVivLX9:xP2GCpAoeMqS77aRMiU6yVivLX
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-