General
-
Target
ee0193c0477748c0de51b176c33f7380_JaffaCakes118
-
Size
659KB
-
Sample
241214-ky21baxkf1
-
MD5
ee0193c0477748c0de51b176c33f7380
-
SHA1
e5903f8afe91aedca6af2b6bcb938317734b0f1f
-
SHA256
9d79976a30875657745f9813d916b66fee5153f4177bb487808f3b7f4ca783f3
-
SHA512
3938d63d21b141207c11d9baadf01321d2f47ffd6274f997379fd13d21da1e3bda0614ca44ecccefa4e26d7934b1078e9c9e8bd736af3d833d21962509c353a4
-
SSDEEP
12288:nfAFlAd0Z+89cxTGzO4AucTD8QP2lmFSrVs9LqnKp:fAQ6Zx9cxTmOrucTIEFSpOGk
Malware Config
Targets
-
-
Target
ee0193c0477748c0de51b176c33f7380_JaffaCakes118
-
Size
659KB
-
MD5
ee0193c0477748c0de51b176c33f7380
-
SHA1
e5903f8afe91aedca6af2b6bcb938317734b0f1f
-
SHA256
9d79976a30875657745f9813d916b66fee5153f4177bb487808f3b7f4ca783f3
-
SHA512
3938d63d21b141207c11d9baadf01321d2f47ffd6274f997379fd13d21da1e3bda0614ca44ecccefa4e26d7934b1078e9c9e8bd736af3d833d21962509c353a4
-
SSDEEP
12288:nfAFlAd0Z+89cxTGzO4AucTD8QP2lmFSrVs9LqnKp:fAQ6Zx9cxTmOrucTIEFSpOGk
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Darkcomet family
-
Modifies WinLogon for persistence
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Adds Run key to start application
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1