General
-
Target
JaffaCakes118_0da6a5a744a20f2307bea6ac4b2ae6db
-
Size
1.7MB
-
Sample
250122-pqq1aswng1
-
MD5
0da6a5a744a20f2307bea6ac4b2ae6db
-
SHA1
03287ae1adcc2b751d6f70f2e129b131924bd4bf
-
SHA256
ba48e7607c54f5a5c943c46bbe060a2ee24c51ac98c9f35ab8442d7fc3cf1eb1
-
SHA512
c846375071041b1dc6701de64f8ea6250b68052236f15af0946f11291e47b4be3068ece459f349723c5adc887f7edbda25c2d89adcd06d59d37e40e5f948bb1e
-
SSDEEP
49152:+hKLFggNIOFQGbFpDsGX9zCVtVZy/Tyw0Dy:+ddoo8wRUTyw0O
Malware Config
Targets
-
-
Target
JaffaCakes118_0da6a5a744a20f2307bea6ac4b2ae6db
-
Size
1.7MB
-
MD5
0da6a5a744a20f2307bea6ac4b2ae6db
-
SHA1
03287ae1adcc2b751d6f70f2e129b131924bd4bf
-
SHA256
ba48e7607c54f5a5c943c46bbe060a2ee24c51ac98c9f35ab8442d7fc3cf1eb1
-
SHA512
c846375071041b1dc6701de64f8ea6250b68052236f15af0946f11291e47b4be3068ece459f349723c5adc887f7edbda25c2d89adcd06d59d37e40e5f948bb1e
-
SSDEEP
49152:+hKLFggNIOFQGbFpDsGX9zCVtVZy/Tyw0Dy:+ddoo8wRUTyw0O
Score10/10-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Darkcomet family
-
Modifies WinLogon for persistence
-
Modifies security service
-
Windows security bypass
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Windows security modification
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Create or Modify System Process
1Windows Service
1