General
-
Target
JaffaCakes118_6b9b31f47e19dd029f29292ac63e6bb0
-
Size
668KB
-
Sample
250103-k8bk4swrb1
-
MD5
6b9b31f47e19dd029f29292ac63e6bb0
-
SHA1
ba683547a0b5e8dd82045f49aa013f80e7f9da8f
-
SHA256
fb5bb1a247df52bb1ae804d43ce78abc0aef1c7ee019424f6698d841bbece1c7
-
SHA512
a673910cf050234ebe4ddc5e807b9c2a1018960ac50ed28d0e5bc331f085a9364c4dbbb8f125f0885af74231314e13ee5ce8e43686b33e559138d3371109dd82
-
SSDEEP
12288:afFcGAT79cO2ZKpKHNMF4lSHgojKs6iVjXU8Qfyr/GL018:YpYoZKEMFLHgoTzVjk8QKLGLs8
Malware Config
Targets
-
-
Target
JaffaCakes118_6b9b31f47e19dd029f29292ac63e6bb0
-
Size
668KB
-
MD5
6b9b31f47e19dd029f29292ac63e6bb0
-
SHA1
ba683547a0b5e8dd82045f49aa013f80e7f9da8f
-
SHA256
fb5bb1a247df52bb1ae804d43ce78abc0aef1c7ee019424f6698d841bbece1c7
-
SHA512
a673910cf050234ebe4ddc5e807b9c2a1018960ac50ed28d0e5bc331f085a9364c4dbbb8f125f0885af74231314e13ee5ce8e43686b33e559138d3371109dd82
-
SSDEEP
12288:afFcGAT79cO2ZKpKHNMF4lSHgojKs6iVjXU8Qfyr/GL018:YpYoZKEMFLHgoTzVjk8QKLGLs8
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Darkcomet family
-
Modifies WinLogon for persistence
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1