General
-
Target
ffec8e4ca472014f065d5eca601a4279_JaffaCakes118
-
Size
797KB
-
Sample
241219-vtvesaxjhk
-
MD5
ffec8e4ca472014f065d5eca601a4279
-
SHA1
31b1c07fc17803a1370a84f6ba51b74f9366912b
-
SHA256
93e34d530fe50e4cbca31f57ea1df7a8eee39e50774cec786c2fa45e101a2777
-
SHA512
0241ed19583319cc8d00b2f563f3625a25092fe80ce8c4016d4db5357c067c53b701e07d0d1b0d247a5915887171336c13663d373f6789471ced14005a964bd8
-
SSDEEP
24576:3eSb+RNeirGa7DVsPdEzF9GXWk4W7CvcCKK4Zt:5bcNei6AiPqrwWDdEZt
Malware Config
Targets
-
-
Target
ffec8e4ca472014f065d5eca601a4279_JaffaCakes118
-
Size
797KB
-
MD5
ffec8e4ca472014f065d5eca601a4279
-
SHA1
31b1c07fc17803a1370a84f6ba51b74f9366912b
-
SHA256
93e34d530fe50e4cbca31f57ea1df7a8eee39e50774cec786c2fa45e101a2777
-
SHA512
0241ed19583319cc8d00b2f563f3625a25092fe80ce8c4016d4db5357c067c53b701e07d0d1b0d247a5915887171336c13663d373f6789471ced14005a964bd8
-
SSDEEP
24576:3eSb+RNeirGa7DVsPdEzF9GXWk4W7CvcCKK4Zt:5bcNei6AiPqrwWDdEZt
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Darkcomet family
-
Modifies WinLogon for persistence
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Deletes itself
-
Adds Run key to start application
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1