General
-
Target
9866071735dcfb965905f6c8c00f2da6_JaffaCakes118
-
Size
1.8MB
-
Sample
241125-btvk1a1jet
-
MD5
9866071735dcfb965905f6c8c00f2da6
-
SHA1
00f9824b86b322a5dbbf6275a4876230457ea055
-
SHA256
0f273de8142e8bcc10d95eb36c7fe524ce7a971b37ee49afa2aee213d5b22d5f
-
SHA512
5f4ced8e36193e30527dee220928da7e11ba3272e36597ba18827aad7c0273ac44fe2ae0ed4e2a85f89558a7a1d461306db01180c67c2c4f5ac051d26d784de7
-
SSDEEP
24576:joaUl2HAAZHL03Ww0j2aFBXZ06rAr70Jk/aBSBEJMG7JwgD2NiG5n3vOXPfP:kdeQe7XjsP5A/aAX
Malware Config
Targets
-
-
Target
9866071735dcfb965905f6c8c00f2da6_JaffaCakes118
-
Size
1.8MB
-
MD5
9866071735dcfb965905f6c8c00f2da6
-
SHA1
00f9824b86b322a5dbbf6275a4876230457ea055
-
SHA256
0f273de8142e8bcc10d95eb36c7fe524ce7a971b37ee49afa2aee213d5b22d5f
-
SHA512
5f4ced8e36193e30527dee220928da7e11ba3272e36597ba18827aad7c0273ac44fe2ae0ed4e2a85f89558a7a1d461306db01180c67c2c4f5ac051d26d784de7
-
SSDEEP
24576:joaUl2HAAZHL03Ww0j2aFBXZ06rAr70Jk/aBSBEJMG7JwgD2NiG5n3vOXPfP:kdeQe7XjsP5A/aAX
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Darkcomet family
-
Modifies WinLogon for persistence
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1