General
-
Target
JaffaCakes118_783505a9dd12d66d8229d08b110f1cbb
-
Size
723KB
-
Sample
250104-hcm8xsxkex
-
MD5
783505a9dd12d66d8229d08b110f1cbb
-
SHA1
e9d1257a4f2916650e1e5192ea3fe37ac07f4277
-
SHA256
cab3d148d42874dfa9576310d63b10fccc8fc2362a8c9b2774683e3669b15c27
-
SHA512
69a15a4042084b79f60cb3a8caf1e91b2974e3da7705b1ca945a8c6e69b55a65fd37f6dd25688526b3a90cf4ec23597ef44914d0a34276c8c21963f633b4bdae
-
SSDEEP
12288:oFLlJnnbWOtz6sVJhvaz1Qc/WdI//vfM4qwrbkniafLo6vUTyl0w/q9jJn:I3nbWmJVJFwSddIXvfhqbiaxvRxq9J
Malware Config
Targets
-
-
Target
JaffaCakes118_783505a9dd12d66d8229d08b110f1cbb
-
Size
723KB
-
MD5
783505a9dd12d66d8229d08b110f1cbb
-
SHA1
e9d1257a4f2916650e1e5192ea3fe37ac07f4277
-
SHA256
cab3d148d42874dfa9576310d63b10fccc8fc2362a8c9b2774683e3669b15c27
-
SHA512
69a15a4042084b79f60cb3a8caf1e91b2974e3da7705b1ca945a8c6e69b55a65fd37f6dd25688526b3a90cf4ec23597ef44914d0a34276c8c21963f633b4bdae
-
SSDEEP
12288:oFLlJnnbWOtz6sVJhvaz1Qc/WdI//vfM4qwrbkniafLo6vUTyl0w/q9jJn:I3nbWmJVJFwSddIXvfhqbiaxvRxq9J
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Darkcomet family
-
Modifies WinLogon for persistence
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1