General
Target: eab9317a8b202c132c78322aa06d798f_JaffaCakes118
Size: 836KB
Sample: 240919-gse2tatgnd
MD5: eab9317a8b202c132c78322aa06d798f
SHA1: 57fd3808f9669a9c73a25b4fb7e20b18069e02ed
SHA256: fe7fea0f5adc8bf465ce6cfc42be84e7d89573b591e885482d6c17ae0d9ac8e2
SHA512: eb189ef350dc530a5f87dc6cf8ddb955969b101a386737eec441ce59c400e030cc62b9b0f0bfe064c8ae7ca0de692a4a3257772b4b398c933a64c4295b077b3b
SSDEEP: 12288:hINizheL8lCSm4ifvE/NAxukDqihzVT/DiKD:hD8LMDcvE/oDJVjDiE
Static task: static1
Behavioral task: behavioral1
  Sample: eab9317a8b202c132c78322aa06d798f_JaffaCakes118.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: eab9317a8b202c132c78322aa06d798f_JaffaCakes118.exe
  Resource: win10v2004-20240802-en
Malware Config
Targets
Target: eab9317a8b202c132c78322aa06d798f_JaffaCakes118
Size: 836KB
Score: 10/10
- Modifies WinLogon for persistence
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Program crash
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (2)
    Registry Run Keys / Startup Folder (1)
    Winlogon Helper DLL (1)
Privilege Escalation
  Boot or Logon Autostart Execution (2)
    Registry Run Keys / Startup Folder (1)
    Winlogon Helper DLL (1)