General
Target: 900ac8bb2098ca97595c2849b111c4fe_JaffaCakes118
Size: 756KB
Sample: 241123-xggn9szrhx
MD5: 900ac8bb2098ca97595c2849b111c4fe
SHA1: 1824e9cd4a966b6fd4ce0f1ab261c6b57e2b9270
SHA256: e9d8a5b621d6c001758242122f9632d8be40b94206c667e7cc1f9ebc7e10cc6a
SHA512: 5b639446883e8a96064b05a1fa8c7173ab3f5cae32c8f949f22c03fb79009306c1ecf737fe7387d91379893cfabde8719cbc75a1e79edce2ee071fba06167ee7
SSDEEP: 12288:29AFlAd0Z+89cxTGzO4AucTD8QP2lmFSrVs9LqnKwFIIhII:MAQ6Zx9cxTmOrucTIEFSpOG
Behavioral task: behavioral1
Sample: 900ac8bb2098ca97595c2849b111c4fe_JaffaCakes118.exe
Resource: win7-20240903-en

Behavioral task: behavioral2
Sample: 900ac8bb2098ca97595c2849b111c4fe_JaffaCakes118.exe
Resource: win10v2004-20241007-en
Malware Config
Targets
Target: 900ac8bb2098ca97595c2849b111c4fe_JaffaCakes118 (756KB; hashes identical to those listed under General)
Score: 10/10
- Darkcomet family
- Modifies WinLogon for persistence
- Checks BIOS information in registry (BIOS information is often read in order to detect sandboxing environments.)
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)
Privilege Escalation
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)