General
- Target: ac5a4f010134be9439612f7084085559_JaffaCakes118
- Size: 706KB
- Sample: 241128-pw444sxpcz
- MD5: ac5a4f010134be9439612f7084085559
- SHA1: 2bf9f1e476643fb20c995ba474d30490fd15419a
- SHA256: 3bf032577952a04273183885d393909cc88df592592b3931bbb2be09d76f6406
- SHA512: aba97a3d7f3f17822f7ebc2ffa264430c1bc7723447c7a12c7a972afc570e5096c19c176aeba90d9d9d4dab44ca3d175cbafe89a7394dbdac761f59a2172ed8e
- SSDEEP: 12288:WfAcHlKDqJW1WJN28MF+nXRpPUwl9EMGyP1QmVxtf2xyrZA0S1LjD+G6VJ1GSZ7T:sg8W1W7MkRpHlphP1b2xwZAF1Lv+BYSZ
Static task
- static1

Behavioral task
- behavioral1
  Sample: Premium.exe
  Resource: win7-20241010-en

Behavioral task
- behavioral2
  Sample: Premium.exe
  Resource: win10v2004-20241007-en
Malware Config

Targets
- Target: Premium.exe
- Size: 1.1MB
- MD5: 0041c0d1fca736e86788f404a4a59ab8
- SHA1: cc23f6e0c6e3c756cb167ca9e3b060f90e5e5754
- SHA256: 95d70ba84714f2471a57df471b583ecaade7936aa4f92783477441413813f3bd
- SHA512: 8cf90fb9423155304909514deddff8afd3cb31d480adebf05633f85237357f5e96ccbff01b3f3b27b490969f7983edeb32717d5ad41c5eb7213c79f9f65e2924
- SSDEEP: 24576:V6yr5Ms1sZAnfOUibyKbCaUvaTRb+zQy74r:V1sOxRk+R4
Score: 10/10

Signatures
- Darkcomet family
- Modifies WinLogon for persistence
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
- Persistence
  Boot or Logon Autostart Execution (2)
    Registry Run Keys / Startup Folder (1)
    Winlogon Helper DLL (1)
- Privilege Escalation
  Boot or Logon Autostart Execution (2)
    Registry Run Keys / Startup Folder (1)
    Winlogon Helper DLL (1)