General
-
Target
d208ad20d240b437f84f6df7c87caee7_JaffaCakes118
-
Size
833KB
-
Sample
240907-qpplhsycja
-
MD5
d208ad20d240b437f84f6df7c87caee7
-
SHA1
b595aff2cada2868a99e9df7d2856362c955d4dd
-
SHA256
ab5ee538853974ccb6bc195c9488578f1217c05a6f2246bbda2304d9d2bc8a09
-
SHA512
43e22060459bfe329860dadd3f4c45a040b4e07dc5442336991ccdbf9fa40e23e03248af851e03f9a400b8d1bb303c7d32f11775abec80cd03e4d22a0af06396
-
SSDEEP
24576:tTEviA7EjZtXFiB8ziZfDGHbwA/MDBb+oxRXWZ:6H74XFiBEsfD65/Mtb+SRXWZ
Malware Config
Targets
-
-
Target
d208ad20d240b437f84f6df7c87caee7_JaffaCakes118
-
Size
833KB
-
MD5
d208ad20d240b437f84f6df7c87caee7
-
SHA1
b595aff2cada2868a99e9df7d2856362c955d4dd
-
SHA256
ab5ee538853974ccb6bc195c9488578f1217c05a6f2246bbda2304d9d2bc8a09
-
SHA512
43e22060459bfe329860dadd3f4c45a040b4e07dc5442336991ccdbf9fa40e23e03248af851e03f9a400b8d1bb303c7d32f11775abec80cd03e4d22a0af06396
-
SSDEEP
24576:tTEviA7EjZtXFiB8ziZfDGHbwA/MDBb+oxRXWZ:6H74XFiBEsfD65/Mtb+SRXWZ
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Modifies WinLogon for persistence
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1