General
Target: a126fb4700e7288d0ef6d4188a4482ac_JaffaCakes118
Size: 803KB
Sample: 241126-lgqrds1rcl
MD5: a126fb4700e7288d0ef6d4188a4482ac
SHA1: 8e85ad17b307a0bc4feb2fb094c34fe7ba796945
SHA256: 20b51877f0945f6fea6e22256f45d67aabaa66cd455fd1fc46259c6feacfe9f2
SHA512: 0f5eb3b5dba6119ab64f5fe681227f94b582027e5460c818b951e742796f3f654def61cb45d7884b4f1bb28f2a4ef15abaabbaaf8f4748dfd1b9a7aa24c83495
SSDEEP: 12288:ua7gThYVHetIaER2H0YOsODOrG9AxOOLtt2m+vGSYvNTz5UpzRB0n8Vm6b:slaaiq0YOxEUAxFLtIm+OSY1/k0Qf
Static task: static1
Behavioral task: behavioral1
  Sample: a126fb4700e7288d0ef6d4188a4482ac_JaffaCakes118.exe
  Resource: win7-20241023-en
Behavioral task: behavioral2
  Sample: a126fb4700e7288d0ef6d4188a4482ac_JaffaCakes118.exe
  Resource: win10v2004-20241007-en
Malware Config
Targets
Target: a126fb4700e7288d0ef6d4188a4482ac_JaffaCakes118
Score: 10/10
- Darkcomet family
- Modifies WinLogon for persistence (Winlogon Helper DLL, T1547.004)
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application (Registry Run Keys / Startup Folder, T1547.001)
- Suspicious use of SetThreadContext (a common primitive for process hollowing and thread hijacking)
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (T1547): 2
    Registry Run Keys / Startup Folder (T1547.001): 1
    Winlogon Helper DLL (T1547.004): 1
Privilege Escalation
  Boot or Logon Autostart Execution (T1547): 2
    Registry Run Keys / Startup Folder (T1547.001): 1
    Winlogon Helper DLL (T1547.004): 1
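The two persistence techniques the report maps (Winlogon value modification and Run-key autostarts) are cheap to hunt for on a suspected host. The script below is an added triage example, not part of the sandbox report and not DarkComet's code: it compares the Winlogon Shell and Userinit values against their Windows defaults and flags Run/RunOnce entries that launch from user-writable directories. The sample registry export embedded in it is constructed for illustration (the report does not show which values this sample wrote); on a Windows host the same checks can be fed from the live registry through the standard-library winreg module.

```python
"""Triage helper for ATT&CK T1547.001 (Run keys) and T1547.004 (Winlogon).

Added example; the registry data below is constructed, not from the report.
"""
import re
import sys

# Windows defaults for the two Winlogon values abused by T1547.004.
# Userinit keeps a trailing comma by default; malware typically appends
# ",<payload path>" so the legitimate userinit.exe still runs.
WINLOGON_DEFAULTS = {
    "Shell": "explorer.exe",
    "Userinit": r"C:\Windows\system32\userinit.exe,",
}

# User-writable locations from which a legitimate autostart rarely launches.
SUSPICIOUS_DIRS = re.compile(
    r"(\\AppData\\|\\Temp\\|\\ProgramData\\|\\Users\\Public\\|\\Downloads\\)",
    re.IGNORECASE,
)


def _norm(value):
    # Compare case-insensitively and ignore a trailing comma/whitespace.
    return value.strip().rstrip(",").lower()


def check_winlogon(values):
    """values: {value name: data} from HKLM\\...\\Winlogon. Returns findings."""
    findings = []
    for name, default in WINLOGON_DEFAULTS.items():
        data = values.get(name)
        if data is not None and _norm(data) != _norm(default):
            findings.append(("T1547.004", f"Winlogon\\{name}", data))
    return findings


def check_run_keys(run_entries):
    """run_entries: {key path: {value name: command}}. Flags commands that
    start from user-writable directories."""
    findings = []
    for key, entries in run_entries.items():
        for value_name, command in entries.items():
            if SUSPICIOUS_DIRS.search(command):
                findings.append(("T1547.001", f"{key}\\{value_name}", command))
    return findings


def triage(winlogon, run_keys):
    """Return all findings as (technique, location, data) tuples."""
    return check_winlogon(winlogon) + check_run_keys(run_keys)


def collect_live():
    """Read the same data from a live Windows host; returns empty dicts elsewhere."""
    if sys.platform != "win32":
        return {}, {}
    import winreg  # Windows-only standard-library module
    winlogon = {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE,
                        r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon") as k:
        for name in WINLOGON_DEFAULTS:
            try:
                winlogon[name] = str(winreg.QueryValueEx(k, name)[0])
            except FileNotFoundError:
                pass
    run_keys = {}
    for hive, hive_name in ((winreg.HKEY_LOCAL_MACHINE, "HKLM"),
                            (winreg.HKEY_CURRENT_USER, "HKCU")):
        for sub in ("Run", "RunOnce"):
            path = r"SOFTWARE\Microsoft\Windows\CurrentVersion" + "\\" + sub
            try:
                with winreg.OpenKey(hive, path) as k:
                    entries, i = {}, 0
                    while True:
                        try:
                            name, data, _ = winreg.EnumValue(k, i)
                        except OSError:  # raised once the index runs past the last value
                            break
                        entries[name] = str(data)
                        i += 1
                    run_keys[f"{hive_name}\\{path}"] = entries
            except FileNotFoundError:
                continue
    return winlogon, run_keys


# Constructed export of an infected host (hypothetical paths and names).
SAMPLE_WINLOGON = {
    "Shell": "explorer.exe",
    "Userinit": r"C:\Windows\system32\userinit.exe,C:\Users\victim\AppData\Roaming\svc.exe",
}
SAMPLE_RUN_KEYS = {
    r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run": {
        "OneDrive": r"C:\Program Files\Microsoft OneDrive\OneDrive.exe /background",
        "MicroUpdate": r"C:\Users\victim\AppData\Roaming\svc.exe",
    },
}

if __name__ == "__main__":
    for tech, location, data in triage(SAMPLE_WINLOGON, SAMPLE_RUN_KEYS):
        print(f"{tech} {location}: {data}")
```

Run against the constructed export it reports the appended Userinit entry and the AppData-based Run value while leaving the OneDrive entry alone. The path heuristic is deliberately coarse; treat its output as a lead to pair with the dropped-file and SetThreadContext observations above, not as a verdict on its own.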