General
-
Target
18f9cf81ea66ca51379e8205e4ecaac5_JaffaCakes118
-
Size
811KB
-
Sample
241006-vsfv1avhkj
-
MD5
18f9cf81ea66ca51379e8205e4ecaac5
-
SHA1
a0d6fbbcef06c9334c3db55cd85f8388b30eac3c
-
SHA256
81068ba4b4cf9b7360d1b19e7517ef91d868944e627c76a851d20e5351be36f9
-
SHA512
ff0f24ec3125237286073f53832ffc0f463ad5f955f9d5fce60b1e9786df9281ba66597ee9fe52bf735118bcab5e0f47b97bdc3d2a094e079484855dc284d9aa
-
SSDEEP
12288:VaAchpWsuVTv7ItY8XljyypHP7cOLBev03hlULsmWZ++09ZcKDVsgdaG:AAEENIq8XwyVPQclDq/+WnpsSL
Behavioral task
behavioral1
Sample
18f9cf81ea66ca51379e8205e4ecaac5_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
18f9cf81ea66ca51379e8205e4ecaac5_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
Target
18f9cf81ea66ca51379e8205e4ecaac5_JaffaCakes118
-
Score
10/10
-
Modifies WinLogon for persistence
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (2)
Registry Run Keys / Startup Folder (1)
Winlogon Helper DLL (1)
Privilege Escalation
Boot or Logon Autostart Execution (2)
Registry Run Keys / Startup Folder (1)
Winlogon Helper DLL (1)