General
-
Target
JaffaCakes118_61a85259801468a7e86d8a969775e624
-
Size
678KB
-
Sample
250102-a6mv9atpcs
-
MD5
61a85259801468a7e86d8a969775e624
-
SHA1
ec7ac1ac05f91093140967692d845f6aabafa660
-
SHA256
5e34a191bcc951ec9c9e4eea6a09f5202b136b574a1a04fd9d323484257547f0
-
SHA512
88b3baca3fbf601ebbc33b515ba0bf057cebc393e27c7fa043a157784003ea9e75252560127f2221bc516a5335b9f39e77016f7a3dddaeca4b24b886080d1dc9
-
SSDEEP
12288:g8UaT9XY2siA0bMG09xD7I3Gg8ecgVvfBoCDBOQQYbVXpuy1f/gORixyl:ZUKoN0bUxgGa/pfBHDb+y1HgZ
Malware Config
Targets
-
-
Target
JaffaCakes118_61a85259801468a7e86d8a969775e624
-
Size
678KB
-
MD5
61a85259801468a7e86d8a969775e624
-
SHA1
ec7ac1ac05f91093140967692d845f6aabafa660
-
SHA256
5e34a191bcc951ec9c9e4eea6a09f5202b136b574a1a04fd9d323484257547f0
-
SHA512
88b3baca3fbf601ebbc33b515ba0bf057cebc393e27c7fa043a157784003ea9e75252560127f2221bc516a5335b9f39e77016f7a3dddaeca4b24b886080d1dc9
-
SSDEEP
12288:g8UaT9XY2siA0bMG09xD7I3Gg8ecgVvfBoCDBOQQYbVXpuy1f/gORixyl:ZUKoN0bUxgGa/pfBHDb+y1HgZ
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Darkcomet family
-
Modifies WinLogon for persistence
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1