General
Target: 96e1b7e54ae0ce539cfe6cc55dd45642_JaffaCakes118
Size: 1.1MB
Sample: 241124-ynj9eawpfz
MD5: 96e1b7e54ae0ce539cfe6cc55dd45642
SHA1: b15a8dcc868aabdf32ff462cadc921cba4afb477
SHA256: 082c5ed7f0134b9cc7c9f9d7d8420cf25a3b709a4ebf9797c9f8637d3f5cb767
SHA512: cf3c461c7d8906bbc079e06c132fb08acbbba80c62ec9b35fa0a4caa5945f55906eb3cf5e20a8b5ffce1460533a058d7e8bd50988584c514ff30451d45aaf903
SSDEEP: 24576:HCzsJS/A1jPhEeYChuUUmLoNOaj/ND9ngpyVeTW7U+oLOzcRoqV+CZEl+Q/8nV:Hwbn79U+k9RR7ElX/8V
Static task
static1
Behavioral task
behavioral1: sample 96e1b7e54ae0ce539cfe6cc55dd45642_JaffaCakes118.exe, resource win7-20241010-en
Behavioral task
behavioral2: sample 96e1b7e54ae0ce539cfe6cc55dd45642_JaffaCakes118.exe, resource win10v2004-20241007-en
Malware Config
Targets
Target: 96e1b7e54ae0ce539cfe6cc55dd45642_JaffaCakes118 (1.1MB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the values listed under General)
Score: 10/10
Signatures:
- Darkcomet family
- Modifies WinLogon for persistence
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext (the API that rewrites a thread's register state; it is commonly seen in process hollowing and similar injection, which this signature flags but does not by itself confirm)
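The two persistence signatures above (a Winlogon modification and a Run key) describe registry changes that can be checked for on a host or in a captured registry snapshot. The script below is an added example written for this page, not part of the report or of the sandbox's own detection logic. It runs the check over a constructed snapshot; the stock Userinit/Shell defaults and the list of user-writable directories it treats as suspicious are assumptions, and nothing in it is taken from the analysed sample.

```python
"""Flag Winlogon and Run-key autostart entries in a registry snapshot.

Added example for this report (not the sandbox's own detection logic).
Assumptions: a stock Windows install keeps Winlogon\\Userinit at
"C:\\Windows\\system32\\userinit.exe," and Winlogon\\Shell at "explorer.exe";
the snapshot below is constructed, not taken from the sample.
"""
import re
from typing import Dict, List

# Stock defaults (assumption: unmodified Windows, compared case-insensitively).
DEFAULT_USERINIT = r"c:\windows\system32\userinit.exe"
DEFAULT_SHELL = "explorer.exe"

# Directories a dropped payload is typically written to (assumption).
USER_WRITABLE = re.compile(r"\\(appdata|programdata|temp|tmp)\\", re.IGNORECASE)

# Constructed snapshot: {key path: {value name: data}}. The "updater.exe"
# entries are the planted persistence; the other values are benign lookalikes.
SNAPSHOT: Dict[str, Dict[str, str]] = {
    r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon": {
        "Userinit": r"C:\Windows\system32\userinit.exe,C:\Users\victim\AppData\Roaming\updater.exe",
        "Shell": "explorer.exe",
    },
    r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run": {
        "OneDrive": r'"C:\Program Files\Microsoft OneDrive\OneDrive.exe" /background',
        "WinUpdate": r"C:\Users\victim\AppData\Roaming\updater.exe",
    },
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run": {
        "SecurityHealth": r"C:\Windows\system32\SecurityHealthSystray.exe",
    },
}


def check_winlogon(values: Dict[str, str]) -> List[str]:
    """Winlogon Helper DLL (T1547.004): extra Userinit entries or a replaced Shell."""
    findings = []
    # Userinit is a comma-separated list; Winlogon launches every entry at logon,
    # so the default holds exactly one program followed by a trailing comma.
    parts = [p.strip() for p in values.get("Userinit", "").split(",") if p.strip()]
    if parts and parts[0].lower() != DEFAULT_USERINIT:
        findings.append(f"Winlogon\\Userinit first entry is not the default: {parts[0]}")
    for extra in parts[1:]:
        findings.append(f"Winlogon\\Userinit has an extra entry: {extra}")
    shell = values.get("Shell", DEFAULT_SHELL).strip()
    if shell.lower() != DEFAULT_SHELL:
        findings.append(f"Winlogon\\Shell replaced: {shell}")
    return findings


def check_run_keys(snapshot: Dict[str, Dict[str, str]]) -> List[str]:
    """Registry Run Keys (T1547.001): Run entries that launch from user-writable paths."""
    findings = []
    for key, values in snapshot.items():
        if not key.lower().endswith(r"\currentversion\run"):
            continue
        for name, command in values.items():
            if USER_WRITABLE.search(command):
                findings.append(f"{key}\\{name} launches from a user-writable path: {command}")
    return findings


def analyze(snapshot: Dict[str, Dict[str, str]]) -> List[str]:
    """Run both checks over a snapshot and return the combined findings."""
    findings = []
    for key, values in snapshot.items():
        if key.lower().endswith(r"\currentversion\winlogon"):
            findings.extend(check_winlogon(values))
    findings.extend(check_run_keys(snapshot))
    return findings


if __name__ == "__main__":
    for line in analyze(SNAPSHOT):
        print(line)
```

On a live host the same checks can be fed from the output of `reg query` or a PowerShell `Get-ItemProperty` over the Winlogon and Run keys; the script only covers `Run`, so extend the key filter if `RunOnce` or the `Wow6432Node` hives should be included.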
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution, T1547 (2)
  - Registry Run Keys / Startup Folder, T1547.001 (1)
  - Winlogon Helper DLL, T1547.004 (1)
Privilege Escalation
- Boot or Logon Autostart Execution, T1547 (2)
  - Registry Run Keys / Startup Folder, T1547.001 (1)
  - Winlogon Helper DLL, T1547.004 (1)