General
-
Target
JaffaCakes118_0827cd0968f3c7519694f557f198773a
-
Size
246KB
-
Sample
250112-hgr3ns1lhv
-
MD5
0827cd0968f3c7519694f557f198773a
-
SHA1
401f4b753f6ff44313a41faad05123a2fa899973
-
SHA256
a057f8785315b15d78cf51d4371dc8c52c6512c94b9d85757dc0328db97b46c8
-
SHA512
b7748d3cb2c5d1c7bba5739900cf4a6dd3bc73bdb8cd57da806b738ad7bf31c691f801b90e9e69d4ec681c349dd439b86936cbb2bd2bf81d74544adec6786eaf
-
SSDEEP
6144:SMggLtESuJHedbXFN+xTHkPgVSf1wEC2G1Ydi:SMjLtExRedbXFYIvfby1
Malware Config
Targets
-
-
Target
JaffaCakes118_0827cd0968f3c7519694f557f198773a
-
Size
246KB
-
MD5
0827cd0968f3c7519694f557f198773a
-
SHA1
401f4b753f6ff44313a41faad05123a2fa899973
-
SHA256
a057f8785315b15d78cf51d4371dc8c52c6512c94b9d85757dc0328db97b46c8
-
SHA512
b7748d3cb2c5d1c7bba5739900cf4a6dd3bc73bdb8cd57da806b738ad7bf31c691f801b90e9e69d4ec681c349dd439b86936cbb2bd2bf81d74544adec6786eaf
-
SSDEEP
6144:SMggLtESuJHedbXFN+xTHkPgVSf1wEC2G1Ydi:SMjLtExRedbXFYIvfby1
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Darkcomet family
-
Modifies WinLogon for persistence
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1