General
-
Target
7bce3fa1e44b3c8bdb08f471a2896916_JaffaCakes118
-
Size
531KB
-
Sample
241029-fbnrysvfph
-
MD5
7bce3fa1e44b3c8bdb08f471a2896916
-
SHA1
d4fabe0f6e1935b9e8c693cc0df424959763d6c4
-
SHA256
659d8f79f724ca9b3688eb8761b3b43f67e3cabe32be0af64885321e8b6b563f
-
SHA512
9b4e78f00e859db91f110025c1ed084eac0f65262c0fff1be69adda91c3fac828219ea15aa38a115cfd4991fd6dd6228f6cdcf5efdd6af24945b7373500890b1
-
SSDEEP
12288:nQAMijRSKDrVbvJtzi9Z1Xx+v8iQM5srXrIqEDo+KoP:nDMiDXVttCZT+v8iQYQUKO
Malware Config
Targets
-
-
Target
7bce3fa1e44b3c8bdb08f471a2896916_JaffaCakes118
-
Size
531KB
-
MD5
7bce3fa1e44b3c8bdb08f471a2896916
-
SHA1
d4fabe0f6e1935b9e8c693cc0df424959763d6c4
-
SHA256
659d8f79f724ca9b3688eb8761b3b43f67e3cabe32be0af64885321e8b6b563f
-
SHA512
9b4e78f00e859db91f110025c1ed084eac0f65262c0fff1be69adda91c3fac828219ea15aa38a115cfd4991fd6dd6228f6cdcf5efdd6af24945b7373500890b1
-
SSDEEP
12288:nQAMijRSKDrVbvJtzi9Z1Xx+v8iQM5srXrIqEDo+KoP:nDMiDXVttCZT+v8iQYQUKO
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Darkcomet family
-
Modifies WinLogon for persistence
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1