General
Target: 71cab67912cd74f132eb7a2e9a79a895_JaffaCakes118
Size: 2.1MB
Sample: 241024-b7zrwayfnf
MD5: 71cab67912cd74f132eb7a2e9a79a895
SHA1: 0129140bcdec501be5d6e0c4d84292800d0cb871
SHA256: 8f386f11a89a952e5eb2fa91a087a44b9c8574faeed56bc3a644d6ee58505c20
SHA512: 78f3b9b8cfca5f3c7784d540293089ee082587ac617c7d8179982d2ead5d085acfd3509f1ea6b7359db08d6947c45ba45dea6b95869c1bcb6bf7d66612beec75
SSDEEP: 49152:YKl83VckH4jHNaTbFy3MWafiwo/dYClLTj48iaYz:Y+8G0AITaMswoFZr48iH
Static task: static1
Behavioral task: behavioral1
Sample: 71cab67912cd74f132eb7a2e9a79a895_JaffaCakes118.exe
Resource: win7-20240903-en
Malware Config
Targets
Target: 71cab67912cd74f132eb7a2e9a79a895_JaffaCakes118
- Modifies WinLogon for persistence
- Checks BIOS information in registry (BIOS information is often read in order to detect sandboxing environments.)
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution: 2
- Registry Run Keys / Startup Folder: 1
- Winlogon Helper DLL: 1
Privilege Escalation
- Boot or Logon Autostart Execution: 2
- Registry Run Keys / Startup Folder: 1
- Winlogon Helper DLL: 1