General
-
Target
40b2307d79faccc8d3472729e1e463d3_JaffaCakes118
-
Size
1.1MB
-
Sample
241013-s6ehzsyekj
-
MD5
40b2307d79faccc8d3472729e1e463d3
-
SHA1
48241ce49ce0f12108941270e93bc6f21516b46b
-
SHA256
b7eca3f93fa96f1a54a63315ef7eea3ee2ef587b6fdea45ab2c259dfd2cb37b6
-
SHA512
25777ce8798bcc4f371ae453bcc015dd4da68989f7f20eedeb53760995616446847091f7bbe4c65ae62b1fc329631da79a00c6adabd7b907bdb0f1ff45f8adda
-
SSDEEP
24576:S1plmte96geBY+S7bUw1zbuo2AVuPLZrMSxrMsnl851LTJKEio:coe9LEbGbUwtbuF2iVDxPny//io
Malware Config
Targets
-
-
Target
40b2307d79faccc8d3472729e1e463d3_JaffaCakes118
-
Size
1.1MB
-
MD5
40b2307d79faccc8d3472729e1e463d3
-
SHA1
48241ce49ce0f12108941270e93bc6f21516b46b
-
SHA256
b7eca3f93fa96f1a54a63315ef7eea3ee2ef587b6fdea45ab2c259dfd2cb37b6
-
SHA512
25777ce8798bcc4f371ae453bcc015dd4da68989f7f20eedeb53760995616446847091f7bbe4c65ae62b1fc329631da79a00c6adabd7b907bdb0f1ff45f8adda
-
SSDEEP
24576:S1plmte96geBY+S7bUw1zbuo2AVuPLZrMSxrMsnl851LTJKEio:coe9LEbGbUwtbuF2iVDxPny//io
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Modifies WinLogon for persistence
-
Modifies firewall policy service
-
Modifies security service
-
Windows security bypass
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Executes dropped EXE
-
Loads dropped DLL
-
Windows security modification
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Create or Modify System Process
2Windows Service
2Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Create or Modify System Process
2Windows Service
2Defense Evasion
Impair Defenses
3Disable or Modify System Firewall
1Disable or Modify Tools
2Modify Registry
6