General
-
Target
JaffaCakes118_572b5516b048049e2a3b0027ea4db7ef
-
Size
956KB
-
Sample
250115-pvzg8sspex
-
MD5
572b5516b048049e2a3b0027ea4db7ef
-
SHA1
70fddceb7e2385a334826f374e954520f2209de7
-
SHA256
2e2cc7ae02c04034acfe6380e82dac009a9bed80969e2a684181ecaf5a9e2a1b
-
SHA512
9b9df905e9e9c592cc81d421707feede20596f786e92bc8141bdd39619b53239d7375b4b325002d998a943f1f80a581616ef84b13cb27b1975fd391522350759
-
SSDEEP
24576:G5FMt36c7nSgMit65Eq/318GpGTv/JZl6Ezp:GFcOXit6SmjkF64
Malware Config
Targets
-
-
Target
JaffaCakes118_572b5516b048049e2a3b0027ea4db7ef
-
Size
956KB
-
MD5
572b5516b048049e2a3b0027ea4db7ef
-
SHA1
70fddceb7e2385a334826f374e954520f2209de7
-
SHA256
2e2cc7ae02c04034acfe6380e82dac009a9bed80969e2a684181ecaf5a9e2a1b
-
SHA512
9b9df905e9e9c592cc81d421707feede20596f786e92bc8141bdd39619b53239d7375b4b325002d998a943f1f80a581616ef84b13cb27b1975fd391522350759
-
SSDEEP
24576:G5FMt36c7nSgMit65Eq/318GpGTv/JZl6Ezp:GFcOXit6SmjkF64
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Darkcomet family
-
Modifies WinLogon for persistence
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1