Overview

overview

10

Static

static

3

ec21170142...18.exe

windows7-x64

10

ec21170142...18.exe

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ec21170142adede052901ee0cc56bf19_JaffaCakes118

  • Size

    420KB

  • Sample

    240410-2eejcagc6w

  • MD5

    ec21170142adede052901ee0cc56bf19

  • SHA1

    7a23b36e9143709c21b029001ed57d075c165678

  • SHA256

    b708a805c722b7381578b6bafc83aba1cbf1ff8f499c210cdb4d92159e47ebc2

  • SHA512

    fbcf497bf6f3266c698a7e2e00662ba8913ffd1cb99286a853060bfc7166e444af3af482a178a7a4e3b51dcf6248c20d911373d3823e579d407d9e1914e7b66c

  • SSDEEP

    12288:KqE6Zlh/f/2xqQeoTI4XfpVqTbVgem6S7:KqEihux1hhV8by9

Score
10/10
darkcometpersistencerattrojanupx

Malware Config

Targets

    • Target

      ec21170142adede052901ee0cc56bf19_JaffaCakes118

    • Size

      420KB

    • MD5

      ec21170142adede052901ee0cc56bf19

    • SHA1

      7a23b36e9143709c21b029001ed57d075c165678

    • SHA256

      b708a805c722b7381578b6bafc83aba1cbf1ff8f499c210cdb4d92159e47ebc2

    • SHA512

      fbcf497bf6f3266c698a7e2e00662ba8913ffd1cb99286a853060bfc7166e444af3af482a178a7a4e3b51dcf6248c20d911373d3823e579d407d9e1914e7b66c

    • SSDEEP

      12288:KqE6Zlh/f/2xqQeoTI4XfpVqTbVgem6S7:KqEihux1hhV8by9

    Score
    10/10
    darkcometpersistencerattrojanupx

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

      trojanratdarkcomet

    • Modifies WinLogon for persistence

      persistence

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks