General
-
Target
b35e2600d6f1b1bc8a658e32e4c8a5af_JaffaCakes118
-
Size
830KB
-
Sample
240821-n4wx2axcjg
-
MD5
b35e2600d6f1b1bc8a658e32e4c8a5af
-
SHA1
b08985c46fe68ee1b606675e202ace7313157a26
-
SHA256
0ecfd6719166c4fd8e6eb23e41916b9c4f6980ad569a949496c96e5071a983a7
-
SHA512
67abc6d3faecab9878bdfcfb335d46090c51033a2d65aeb5f9b13c0a059c0b1a2445f1487f0f51f0c2c68638b712ba41fd3152cb8ce3bb843b9fcd540234a8cf
-
SSDEEP
12288:hAfRJ/lS0crSUCUagoZegeyKb1rwgDDheH9D2raw8mXhh5mM3K8AVapT:C/lSYFUGuhehwpXZ+8d
Malware Config
Targets
-
-
Target
b35e2600d6f1b1bc8a658e32e4c8a5af_JaffaCakes118
-
Size
830KB
-
MD5
b35e2600d6f1b1bc8a658e32e4c8a5af
-
SHA1
b08985c46fe68ee1b606675e202ace7313157a26
-
SHA256
0ecfd6719166c4fd8e6eb23e41916b9c4f6980ad569a949496c96e5071a983a7
-
SHA512
67abc6d3faecab9878bdfcfb335d46090c51033a2d65aeb5f9b13c0a059c0b1a2445f1487f0f51f0c2c68638b712ba41fd3152cb8ce3bb843b9fcd540234a8cf
-
SSDEEP
12288:hAfRJ/lS0crSUCUagoZegeyKb1rwgDDheH9D2raw8mXhh5mM3K8AVapT:C/lSYFUGuhehwpXZ+8d
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Modifies WinLogon for persistence
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1