General
-
Target
JaffaCakes118_79eac94a1d157984f6ca5768777c697e
-
Size
714KB
-
Sample
250104-qn33hstleq
-
MD5
79eac94a1d157984f6ca5768777c697e
-
SHA1
3a65486b83aa4b0ed1193992de12bbe72deccbf1
-
SHA256
617add525b0fdbedbf2d16bc12d8457bd36eed0e547f145d99e4acacbf3a4d68
-
SHA512
00d7a6468cedbe158679df496a4fa5736cf6e41a6c297785f6f5a721e5b29ac3bb979e1626ab72affb31e3923a595d5861aa3ebd1eee1482a89ae20d379c7017
-
SSDEEP
12288:yaAchpWsuVTv7ItY8XljyypHP7cOLBev03hlULsmWZ++09ZcKDVsgds:jAEENIq8XwyVPQclDq/+WnpsSs
Malware Config
Targets
-
-
Target
JaffaCakes118_79eac94a1d157984f6ca5768777c697e
-
Size
714KB
-
MD5
79eac94a1d157984f6ca5768777c697e
-
SHA1
3a65486b83aa4b0ed1193992de12bbe72deccbf1
-
SHA256
617add525b0fdbedbf2d16bc12d8457bd36eed0e547f145d99e4acacbf3a4d68
-
SHA512
00d7a6468cedbe158679df496a4fa5736cf6e41a6c297785f6f5a721e5b29ac3bb979e1626ab72affb31e3923a595d5861aa3ebd1eee1482a89ae20d379c7017
-
SSDEEP
12288:yaAchpWsuVTv7ItY8XljyypHP7cOLBev03hlULsmWZ++09ZcKDVsgds:jAEENIq8XwyVPQclDq/+WnpsSs
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Darkcomet family
-
Modifies WinLogon for persistence
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1