General

Target: 468f7f133cbf6ab448d69e92a108f594_JaffaCakes118
Size: 801KB
Sample: 241015-jlsensxakp
MD5: 468f7f133cbf6ab448d69e92a108f594
SHA1: c56441331a5d638e78da531d1353c16f14ca2594
SHA256: fd0bc2df815d342445a00082ed37e3c812543a0f19d401a242325026da9b5394
SHA512: bd2dff79fdd7a3a82cd99cd3957653c361a9f601a0a5c91f93f368d5f5a6db576fcfbdd046cc9fb9f636eb6dff56fe8e0234f8fdb9583b056ebab0cce2c4a0fe
SSDEEP: 24576:4rkqwP0YBImHURqUO+1efRxvSW5VXwaOY5:4rkqLSIm1UZqRSkVAaOC
Static task: static1

Behavioral task: behavioral1
Sample: 468f7f133cbf6ab448d69e92a108f594_JaffaCakes118.exe
Resource: win7-20240903-en

Behavioral task: behavioral2
Sample: 468f7f133cbf6ab448d69e92a108f594_JaffaCakes118.exe
Resource: win10v2004-20241007-en
Malware Config

Targets

Target: 468f7f133cbf6ab448d69e92a108f594_JaffaCakes118
Size: 801KB
MD5: 468f7f133cbf6ab448d69e92a108f594
SHA1: c56441331a5d638e78da531d1353c16f14ca2594
SHA256: fd0bc2df815d342445a00082ed37e3c812543a0f19d401a242325026da9b5394
SHA512: bd2dff79fdd7a3a82cd99cd3957653c361a9f601a0a5c91f93f368d5f5a6db576fcfbdd046cc9fb9f636eb6dff56fe8e0234f8fdb9583b056ebab0cce2c4a0fe
SSDEEP: 24576:4rkqwP0YBImHURqUO+1efRxvSW5VXwaOY5:4rkqLSIm1UZqRSkVAaOC
Score: 10/10

- Modifies WinLogon for persistence
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15

Persistence
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)

Privilege Escalation
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)