General
-
Target
8deb18dfce0d3f8464e695730880f195_JaffaCakes118
-
Size
549KB
-
Sample
240812-jqbbyswekb
-
MD5
8deb18dfce0d3f8464e695730880f195
-
SHA1
16f0869c65304f4f86245600ac5e76129b868834
-
SHA256
77d6f16b582b91a2c2f400bc401fb8c22e3db6f0acf52b4c62e5ef4be6da683f
-
SHA512
b249baafe87ee97cd0d93359e7dd25dab5bacad4e31182854c062654e862d0153d55e31ae838abc72c549b3152479a8a4087edbec1848718a5b62657321b00ff
-
SSDEEP
12288:0IZmE7Dd85UKZpJg+HT+oWEmLilK/lGRgOUqmq9kR6lhKXwB3a9FsqJKB57d8f6:0WmGh8q2vHCoWcK/cRgOnmq9g6FB36r0
Malware Config
Targets
-
-
Target
8deb18dfce0d3f8464e695730880f195_JaffaCakes118
-
Size
549KB
-
MD5
8deb18dfce0d3f8464e695730880f195
-
SHA1
16f0869c65304f4f86245600ac5e76129b868834
-
SHA256
77d6f16b582b91a2c2f400bc401fb8c22e3db6f0acf52b4c62e5ef4be6da683f
-
SHA512
b249baafe87ee97cd0d93359e7dd25dab5bacad4e31182854c062654e862d0153d55e31ae838abc72c549b3152479a8a4087edbec1848718a5b62657321b00ff
-
SSDEEP
12288:0IZmE7Dd85UKZpJg+HT+oWEmLilK/lGRgOUqmq9kR6lhKXwB3a9FsqJKB57d8f6:0WmGh8q2vHCoWcK/cRgOnmq9g6FB36r0
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Modifies WinLogon for persistence
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1