General
-
Target
a0c6891d4fd92ec783931e4ecb69babd_JaffaCakes118
-
Size
659KB
-
Sample
241126-j1wqmsypak
-
MD5
a0c6891d4fd92ec783931e4ecb69babd
-
SHA1
cc61f403dda94e4d33d7779bfe2df1d92e0968b9
-
SHA256
bcf9b2e537ec33539e22a6eafde142dbf6ce7de47d8ad7bd615f700169c0ed7f
-
SHA512
8ace55e82b8cdf5342899613963eb2c19075147377cc9e7e1daecd36da5dea7bda5fc0acc6d18d960ed3e0c9d4c55c4d7c8898ed097009e50dbc7358205e2c99
-
SSDEEP
12288:nnAFlAd0Z+89cxTGzO4AucTD8QP2lmFSrVs9LqnKp:nAQ6Zx9cxTmOrucTIEFSpOGk
Malware Config
Targets
-
-
Target
a0c6891d4fd92ec783931e4ecb69babd_JaffaCakes118
-
Size
659KB
-
MD5
a0c6891d4fd92ec783931e4ecb69babd
-
SHA1
cc61f403dda94e4d33d7779bfe2df1d92e0968b9
-
SHA256
bcf9b2e537ec33539e22a6eafde142dbf6ce7de47d8ad7bd615f700169c0ed7f
-
SHA512
8ace55e82b8cdf5342899613963eb2c19075147377cc9e7e1daecd36da5dea7bda5fc0acc6d18d960ed3e0c9d4c55c4d7c8898ed097009e50dbc7358205e2c99
-
SSDEEP
12288:nnAFlAd0Z+89cxTGzO4AucTD8QP2lmFSrVs9LqnKp:nAQ6Zx9cxTmOrucTIEFSpOGk
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Darkcomet family
-
Modifies WinLogon for persistence
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Adds Run key to start application
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1