General
Target: 645b91563c038a8245e60be4db80758c_JaffaCakes118
Size: 264KB
Sample: 241020-19j7mstcmg
MD5: 645b91563c038a8245e60be4db80758c
SHA1: 671e0f0ed802063552f0f38f456d4c10f5ac588d
SHA256: 5fed3bab379760eee8d0d4da5707706852a06140d9ff67550135e552e6a7f6ac
SHA512: 9b492083887e34d5da919e85356a1e8d02d0f4bcbca51db8547709854ecdfbdc79d4fa754ecbcb1fc5b37d87ac266dee3e80a639f54039611ec2dd84bbfdbdc2
SSDEEP: 6144:tas0tZ4pN4ohm6MaSh9rWxlIny+p3Gi+eBi0eBRUbsCv38r:gb434ohdsWrIf0I2Ub1sr
Static task: static1
Behavioral task: behavioral1
Sample: 645b91563c038a8245e60be4db80758c_JaffaCakes118.exe
Resource: win7-20241010-en
Malware Config
Targets
Target: 645b91563c038a8245e60be4db80758c_JaffaCakes118
Size: 264KB
MD5: 645b91563c038a8245e60be4db80758c
SHA1: 671e0f0ed802063552f0f38f456d4c10f5ac588d
SHA256: 5fed3bab379760eee8d0d4da5707706852a06140d9ff67550135e552e6a7f6ac
SHA512: 9b492083887e34d5da919e85356a1e8d02d0f4bcbca51db8547709854ecdfbdc79d4fa754ecbcb1fc5b37d87ac266dee3e80a639f54039611ec2dd84bbfdbdc2
SSDEEP: 6144:tas0tZ4pN4ohm6MaSh9rWxlIny+p3Gi+eBi0eBRUbsCv38r:gb434ohdsWrIf0I2Ub1sr
- Modifies WinLogon for persistence
- Checks BIOS information in registry (BIOS information is often read in order to detect sandboxing environments.)
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)
Privilege Escalation
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)