General
- Target: 70f22c9b30cec321b16a7985ade6c5a1_JaffaCakes118
- Size: 346KB
- Sample: 241023-1kzk2a1bqc
- MD5: 70f22c9b30cec321b16a7985ade6c5a1
- SHA1: 74b17653e66569422cfdea9b3794458a271b1016
- SHA256: e4e7ffcd0118c714714562021a506d4ebcbd9f309241f2a3b11c5d3e8fa67da3
- SHA512: 8b3a1bcf830bf45c924afc6b26d09150ab0c59b2c721d9a944662abe64f70cd69e513e0b70278665bd290af282e1c52ee5b7ef9aa8293f37519dae649307f8ed
- SSDEEP: 6144:wlT+yzHJUFWy3teOWniBWYp3VbW9Cu6Cr4VoA5y6GBefeGeLHILNeTH:wrpU8uVWB8lKEuVr4VofefX+8N0
Static task: static1
Behavioral task: behavioral1
- Sample: 70f22c9b30cec321b16a7985ade6c5a1_JaffaCakes118.exe
- Resource: win7-20241010-en
Malware Config
Targets
- Target: 70f22c9b30cec321b16a7985ade6c5a1_JaffaCakes118 (346KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Signatures
- Modifies WinLogon for persistence: a value under the Winlogon key (HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, typically Userinit, Shell or Notify) was changed so that a binary of the sample's choosing runs at logon (ATT&CK T1547.004). When triaging, compare the written data against the defaults (Userinit = C:\Windows\system32\userinit.exe, Shell = explorer.exe); an extra comma-separated path is the usual tell.
- Checks computer location settings: looks up the country code configured in the registry (HKCU\Control Panel\International\Geo\Nation, the value GetUserGeoID returns), likely a geofence. Legitimate software reads this value too, so on its own it is a weak indicator; it matters here because it precedes persistence and dropped-file execution.
- Executes dropped EXE: a file written to disk during the run was launched as a new process.
- Adds Run key to start application: a value was written under a ...\CurrentVersion\Run key so that the program starts at user logon (ATT&CK T1547.001).
- Suspicious use of SetThreadContext: SetThreadContext was called in a pattern the sandbox flags. This is the call that redirects a suspended thread's entry point in process hollowing, but the signature by itself does not establish injection; check the process tree for a child created suspended and for memory writes into it before drawing that conclusion.
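The signatures above are cheap to reproduce from registry telemetry when you need to confirm a report or hunt for the same behaviour on an endpoint. The following is an added example, not code from the report or the sandbox: it maps registry events to the three registry-based signatures listed here, tolerates the WOW6432Node and HKCU variants of the keys, and ignores Winlogon writes that only restore the default values (the common false positive). The event schema and the event records are constructed for illustration; the registry paths are the real Winlogon, Run and Geo\Nation locations, but the file names and value data are made up.

```python
"""Map registry events to the sandbox signatures listed above (added example).

Event shape (constructed for this example, not the sandbox's export format):
    {"op": "set"|"read", "key": <full key path>, "value_name": str, "data": str}
"""
from collections import Counter

# Real registry locations behind the three registry-based signatures.
WINLOGON_SUFFIX = r"\Microsoft\Windows NT\CurrentVersion\Winlogon".lower()
RUN_SUFFIXES = (r"\Microsoft\Windows\CurrentVersion\Run".lower(),
                r"\Microsoft\Windows\CurrentVersion\RunOnce".lower())
GEO_NATION_SUFFIX = r"\Control Panel\International\Geo\Nation".lower()  # GetUserGeoID

# Winlogon values whose modification yields code execution at logon,
# and the clean-system defaults used to suppress "restore to default" writes.
WINLOGON_VALUES = {"userinit", "shell", "notify"}
WINLOGON_DEFAULTS = {"userinit": r"c:\windows\system32\userinit.exe",
                     "shell": "explorer.exe"}

SIG_WINLOGON = "Modifies WinLogon for persistence"
SIG_RUNKEY = "Adds Run key to start application"
SIG_GEOFENCE = "Checks computer location settings"

ATTACK = {SIG_WINLOGON: "T1547.004", SIG_RUNKEY: "T1547.001"}


def classify(event):
    """Return the list of signature names one registry event triggers."""
    key = event["key"].lower()
    name = event.get("value_name", "").lower()
    data = event.get("data", "").lower().rstrip(",")  # trailing comma is cosmetic
    op = event["op"]
    tags = []

    if op == "set" and key.endswith(WINLOGON_SUFFIX) and name in WINLOGON_VALUES:
        default = WINLOGON_DEFAULTS.get(name)
        # Notify has no default; any write is interesting. For Userinit/Shell,
        # only a non-default value (e.g. an appended path) is persistence.
        if default is None or data != default:
            tags.append(SIG_WINLOGON)

    if op == "set" and any(key.endswith(s) for s in RUN_SUFFIXES):
        tags.append(SIG_RUNKEY)

    if op == "read" and key.endswith(GEO_NATION_SUFFIX):
        tags.append(SIG_GEOFENCE)

    return tags


def triage(events):
    """Count signature hits over a sequence of events."""
    hits = Counter()
    for ev in events:
        hits.update(classify(ev))
    return hits


# Constructed sample telemetry; file names and data are invented.
SAMPLE_EVENTS = [
    {"op": "set", "key": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon",
     "value_name": "Userinit",
     "data": r"C:\Windows\system32\userinit.exe,C:\Users\Public\dropped.exe,"},
    {"op": "set", "key": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon",
     "value_name": "Shell", "data": "explorer.exe"},          # default: no hit
    {"op": "set", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "value_name": "Updater", "data": r"C:\Users\Public\dropped.exe"},
    {"op": "read", "key": r"HKCU\Control Panel\International\Geo\Nation",
     "value_name": ""},
    {"op": "read", "key": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon",
     "value_name": "Shell"},                                    # read only: no hit
]

if __name__ == "__main__":
    for sig, count in triage(SAMPLE_EVENTS).items():
        print(f"{count}x {sig} {ATTACK.get(sig, '')}".rstrip())
```

The suffix match is deliberate: the same values live under HKLM\SOFTWARE\WOW6432Node\... on 64-bit hosts and the Run key exists under both HKLM and HKCU, so anchoring on the tail of the path catches all of them without a list of hives.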
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (T1547): 2
  - Registry Run Keys / Startup Folder (T1547.001): 1
  - Winlogon Helper DLL (T1547.004): 1
Privilege Escalation
- Boot or Logon Autostart Execution (T1547): 2
  - Registry Run Keys / Startup Folder (T1547.001): 1
  - Winlogon Helper DLL (T1547.004): 1