General
-
Target
499abc9b9e32729211c134aec9816149_JaffaCakes118
-
Size
659KB
-
Sample
241015-x57wcssemh
-
MD5
499abc9b9e32729211c134aec9816149
-
SHA1
c564f4f73c85f178364c9871df110b4ca598bfcc
-
SHA256
e226f41995679ef171fed5b31f2f3be98eb2e978c5b4f3acbe17a7d16e1f03e8
-
SHA512
6949cc9cc76afab6e1d5befc40bbfc64f27ade57e1d20e083ac15efb3222c359560f671effd117ad061fb3d242c1db2ec125408db45bf45ac53a732862815161
-
SSDEEP
12288:y9iS9fa2FzsKZhxiNtazSO5pDt3iWpjuE8NTrfMc0cinVTgtl:5mf9t0GzfiWAEciVMtl
Static task
static1
Behavioral task
behavioral1
Sample
499abc9b9e32729211c134aec9816149_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
499abc9b9e32729211c134aec9816149_JaffaCakes118.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
Target
499abc9b9e32729211c134aec9816149_JaffaCakes118
-
Score
10/10
-
Modifies WinLogon for persistence
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (2)
Registry Run Keys / Startup Folder (1)
Winlogon Helper DLL (1)
Privilege Escalation
Boot or Logon Autostart Execution (2)
Registry Run Keys / Startup Folder (1)
Winlogon Helper DLL (1)