General
-
Target
7cdf2bf37d386cbf5c21ac2fc0fc03e0_JaffaCakes118
-
Size
1.0MB
-
Sample
241029-1xre7askap
-
MD5
7cdf2bf37d386cbf5c21ac2fc0fc03e0
-
SHA1
d2c7e8d0a01985ec559c8d7a097ecb5ec6614799
-
SHA256
9f5cccbd8fedd9220042bd52b1e5106fcccf0ef7655a6770ba17cda1cd504560
-
SHA512
18a375fed1581ba04b2ab14c39f3516dc5adb8f5bcfa5be2796c36e0bd1f7e8ba1f63526b8667a987cb941c767256d426704cb144a0368f8204433def6e009ab
-
SSDEEP
24576:HwZFQ8PlrpwlfmDjeBHRupjPG4FUT+mt+zQ:N8NrpCfmDSBSFUT+mtGQ
Malware Config
Targets
-
-
Target
7cdf2bf37d386cbf5c21ac2fc0fc03e0_JaffaCakes118
-
Size
1.0MB
-
MD5
7cdf2bf37d386cbf5c21ac2fc0fc03e0
-
SHA1
d2c7e8d0a01985ec559c8d7a097ecb5ec6614799
-
SHA256
9f5cccbd8fedd9220042bd52b1e5106fcccf0ef7655a6770ba17cda1cd504560
-
SHA512
18a375fed1581ba04b2ab14c39f3516dc5adb8f5bcfa5be2796c36e0bd1f7e8ba1f63526b8667a987cb941c767256d426704cb144a0368f8204433def6e009ab
-
SSDEEP
24576:HwZFQ8PlrpwlfmDjeBHRupjPG4FUT+mt+zQ:N8NrpCfmDSBSFUT+mtGQ
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Darkcomet family
-
Modifies WinLogon for persistence
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Deletes itself
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1