General
-
Target
4d9cc610b320ba38be66f36c55a9a771_JaffaCakes118
-
Size
840KB
-
Sample
241016-syq7ta1cmn
-
MD5
4d9cc610b320ba38be66f36c55a9a771
-
SHA1
2f399ad060bdaeabd2bd62c87aaec35dfafcfec3
-
SHA256
15656bffba0e2814b2c1ac576f7b8c5641ca19f640251b249983b72eafe51f5f
-
SHA512
f85388ca9a7bea96fc4cac7cd26201c9970de7e98f9ccf464bc1c27eb65a45b541e9077826b13a9b274fb2ec8f4089c1c640686ae9cec549d5f39caf85352d97
-
SSDEEP
12288:L////czfa1FLFhPI8woWYXnPlVql5ciJ4FCzB+ZqlV2UQQA8j:L////cba1FrPVw6RinBeKV2UQQA8j
Malware Config
Targets
-
-
Target
4d9cc610b320ba38be66f36c55a9a771_JaffaCakes118
-
Size
840KB
-
MD5
4d9cc610b320ba38be66f36c55a9a771
-
SHA1
2f399ad060bdaeabd2bd62c87aaec35dfafcfec3
-
SHA256
15656bffba0e2814b2c1ac576f7b8c5641ca19f640251b249983b72eafe51f5f
-
SHA512
f85388ca9a7bea96fc4cac7cd26201c9970de7e98f9ccf464bc1c27eb65a45b541e9077826b13a9b274fb2ec8f4089c1c640686ae9cec549d5f39caf85352d97
-
SSDEEP
12288:L////czfa1FLFhPI8woWYXnPlVql5ciJ4FCzB+ZqlV2UQQA8j:L////cba1FrPVw6RinBeKV2UQQA8j
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Modifies firewall policy service
-
Disables Task Manager via registry modification
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Defense Evasion
Impair Defenses
1Disable or Modify System Firewall
1Modify Registry
2