General
-
Target
eca9ce5db348469e8a35d1ba90afe9f3_JaffaCakes118
-
Size
821KB
-
Sample
241213-wdcepswmfs
-
MD5
eca9ce5db348469e8a35d1ba90afe9f3
-
SHA1
0f4e5eeb800071dbb77607be5e074edbb48ec29d
-
SHA256
3fabe9cdeffaae27669588d8bb64ff5180395d242ca9df43505d226739a2848e
-
SHA512
c91044c90f614f385cfd898281a48721ca855bb4b091da4a5fbb703079274bb9b4d20c0f3fd19c57af62d57080ad9875dba37d7c028c8b56cbb553accd09304e
-
SSDEEP
12288:UzCSurc/foCakvmVNp82o9j0i6HlICb+uhNJgjA/ErSKixCasylPxzsc9HkePaYX:UbuQoCqVNp82xJCCauh2A/EuKi1l7X
Malware Config
Targets
-
-
Target
eca9ce5db348469e8a35d1ba90afe9f3_JaffaCakes118
-
Size
821KB
-
MD5
eca9ce5db348469e8a35d1ba90afe9f3
-
SHA1
0f4e5eeb800071dbb77607be5e074edbb48ec29d
-
SHA256
3fabe9cdeffaae27669588d8bb64ff5180395d242ca9df43505d226739a2848e
-
SHA512
c91044c90f614f385cfd898281a48721ca855bb4b091da4a5fbb703079274bb9b4d20c0f3fd19c57af62d57080ad9875dba37d7c028c8b56cbb553accd09304e
-
SSDEEP
12288:UzCSurc/foCakvmVNp82o9j0i6HlICb+uhNJgjA/ErSKixCasylPxzsc9HkePaYX:UbuQoCqVNp82xJCCauh2A/EuKi1l7X
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Darkcomet family
-
Modifies WinLogon for persistence
-
Drops file in Drivers directory
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Deletes itself
-
Adds Run key to start application
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1