General
- Target: a24a0e786c1e0673b83ed4fff9eba166_JaffaCakes118
- Size: 687KB
- Sample: 241126-q3f7astmds
- MD5: a24a0e786c1e0673b83ed4fff9eba166
- SHA1: 361384a502ddcd27b329e8c39eac7d9753db42f4
- SHA256: b620ac56c00c30c80c963f45ce7f091a12d0bb36389e776b67cfb1bc0e17cb5b
- SHA512: d3a6b3ebf9a5bdd4cba708fe5c926b6c9cb5900768a36791a5d99113119c6937bfb8499f55af4c07f1c1084288284692cb0d4e3113551a23dbbdb9fe6bdec71d
- SSDEEP: 12288:PDbJhI6jsJlxaBYVjLjo5rD8yjSfDp4Adnbg5kUx:P5y++lbKrDsfDhbg5kUx
Static task: static1

Behavioral task: behavioral1
- Sample: a24a0e786c1e0673b83ed4fff9eba166_JaffaCakes118.exe
- Resource: win7-20240903-en

Behavioral task: behavioral2
- Sample: a24a0e786c1e0673b83ed4fff9eba166_JaffaCakes118.exe
- Resource: win10v2004-20241007-en
Malware Config

Targets
- Target: a24a0e786c1e0673b83ed4fff9eba166_JaffaCakes118
- Size: 687KB
- MD5: a24a0e786c1e0673b83ed4fff9eba166
- SHA1: 361384a502ddcd27b329e8c39eac7d9753db42f4
- SHA256: b620ac56c00c30c80c963f45ce7f091a12d0bb36389e776b67cfb1bc0e17cb5b
- SHA512: d3a6b3ebf9a5bdd4cba708fe5c926b6c9cb5900768a36791a5d99113119c6937bfb8499f55af4c07f1c1084288284692cb0d4e3113551a23dbbdb9fe6bdec71d
- SSDEEP: 12288:PDbJhI6jsJlxaBYVjLjo5rD8yjSfDp4Adnbg5kUx:P5y++lbKrDsfDhbg5kUx
Score: 10/10

Signatures
- Darkcomet family
- Modifies WinLogon for persistence
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15

Persistence
- Boot or Logon Autostart Execution: 2
  - Registry Run Keys / Startup Folder: 1
  - Winlogon Helper DLL: 1

Privilege Escalation
- Boot or Logon Autostart Execution: 2
  - Registry Run Keys / Startup Folder: 1
  - Winlogon Helper DLL: 1