General
-
Target
46dfeb06c1695665042e4feddb480980_JaffaCakes118
-
Size
1.0MB
-
Sample
241015-kx8rgazbpm
-
MD5
46dfeb06c1695665042e4feddb480980
-
SHA1
d8a302e1aaca5c840821e04a9fe062cea19d1e49
-
SHA256
b51b1da5aae0484e7d1172feb0b843b9a843b32e9c42f64028bf7d674071a814
-
SHA512
9988843c4857ddb9d613d0cb8f7f9c2836cfdd7537de2a1563193d773b2af0150ac5fb1bbb0b819e7b1e7603b0b8eec9b044df2998b24cd24c9f3af3f18aa445
-
SSDEEP
24576:Se95EzGSCVEXETWODpuQrPrSvrGe352oBJmARW:Su5EzGSCyi5Edvl52kJq
Static task
static1
Behavioral task
behavioral1
Sample
46dfeb06c1695665042e4feddb480980_JaffaCakes118.exe
Resource
win7-20240903-en
Malware Config
Targets
-
-
Target
46dfeb06c1695665042e4feddb480980_JaffaCakes118
-
Modifies WinLogon for persistence
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (2)
Registry Run Keys / Startup Folder (1)
Winlogon Helper DLL (1)
Privilege Escalation
Boot or Logon Autostart Execution (2)
Registry Run Keys / Startup Folder (1)
Winlogon Helper DLL (1)