General
-
Target
386c52cc15b2b4e17d9af9a9022fb96d_JaffaCakes118
-
Size
714KB
-
Sample
241012-e3w2zaxgpk
-
MD5
386c52cc15b2b4e17d9af9a9022fb96d
-
SHA1
e991e95bbcbede2c038197a0db0dc18029bbf82a
-
SHA256
e6f258017a4ee9fa25dfa8c6e21d4962ad41d10ab0666099ffdc83884a4bfc5c
-
SHA512
2f2b900cf044ef7f347464542d4ea89c10976040eaea455d3fb1cf4bc01a6fb8a3c770be2a22d3fd6253774f892eef4b28c821c1af71727605cb1c1cba6f5d83
-
SSDEEP
12288:KaAchpWsuVTv7ItY8XljyypHP7cOLBev03hlULsmWZ++09ZcKDVsgdr:LAEENIq8XwyVPQclDq/+WnpsSr
Malware Config
Targets
-
-
Target
386c52cc15b2b4e17d9af9a9022fb96d_JaffaCakes118
-
Size
714KB
-
MD5
386c52cc15b2b4e17d9af9a9022fb96d
-
SHA1
e991e95bbcbede2c038197a0db0dc18029bbf82a
-
SHA256
e6f258017a4ee9fa25dfa8c6e21d4962ad41d10ab0666099ffdc83884a4bfc5c
-
SHA512
2f2b900cf044ef7f347464542d4ea89c10976040eaea455d3fb1cf4bc01a6fb8a3c770be2a22d3fd6253774f892eef4b28c821c1af71727605cb1c1cba6f5d83
-
SSDEEP
12288:KaAchpWsuVTv7ItY8XljyypHP7cOLBev03hlULsmWZ++09ZcKDVsgdr:LAEENIq8XwyVPQclDq/+WnpsSr
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Modifies WinLogon for persistence
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1