General
-
Target
91db0e5f1bdc9c34b637e1486af2ba20_JaffaCakes118
-
Size
363KB
-
Sample
241124-b4mcdatmej
-
MD5
91db0e5f1bdc9c34b637e1486af2ba20
-
SHA1
4c074d5aff5729d91d727ece6d69468bb0856907
-
SHA256
f6e90bc9e9a52188f5867cab5f98c215e64bdb10ec2776ef1367e1d0f914d70e
-
SHA512
227a3be706b2690e549407cad8f4259e1f235db751b83888cfa14fa0a500a4f78182694bab5a1781b4c7107e83531778a748896f3478286b64483ea7910f8286
-
SSDEEP
6144:zw7mFvX4PWlLnTb2mpF4jb6dnUCL/AFKWkkeLJvEZhURqPmha/sV56e5t+R3IIh2:MkvYILnTtpG/2JzLpyhfekWEIIhII
Malware Config
Targets
-
-
Target
91db0e5f1bdc9c34b637e1486af2ba20_JaffaCakes118
-
Size
363KB
-
MD5
91db0e5f1bdc9c34b637e1486af2ba20
-
SHA1
4c074d5aff5729d91d727ece6d69468bb0856907
-
SHA256
f6e90bc9e9a52188f5867cab5f98c215e64bdb10ec2776ef1367e1d0f914d70e
-
SHA512
227a3be706b2690e549407cad8f4259e1f235db751b83888cfa14fa0a500a4f78182694bab5a1781b4c7107e83531778a748896f3478286b64483ea7910f8286
-
SSDEEP
6144:zw7mFvX4PWlLnTb2mpF4jb6dnUCL/AFKWkkeLJvEZhURqPmha/sV56e5t+R3IIh2:MkvYILnTtpG/2JzLpyhfekWEIIhII
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Darkcomet family
-
Modifies WinLogon for persistence
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1