General

  • Target

    f45e5a09535db4501c895ca74bbc5b8c_JaffaCakes118

  • Size

    808KB

  • Sample

    240416-1c4j1sef9z

  • MD5

    f45e5a09535db4501c895ca74bbc5b8c

  • SHA1

    51dcc9d90c2ef023f83f9f929ab9dfd4f9dbd300

  • SHA256

    b4e9b4abd1b90a724a073f7acd9ddbe34a547f2c53ff0c9740b43f408253b302

  • SHA512

    b06a46bbe152ee2dcb33e5f159c59e012b44a647528b2a6604a238afcb6db9365518d5edcb35aa824e8d3e97ae6a392ca0db3e151f2e8961daccaed11a720c5f

  • SSDEEP

    24576:6cs2AwjOQIRP6XDFpxbV3mD7qcURNP6RNPyvzR:6cs2AqOQIA3xpOecURNP6RNPybR

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16 (the DarkComet builder's default campaign/SID value, so it does not identify a particular operator)

C2

127.0.0.1:1604 (loopback address: this build has no reachable C2 and was most likely produced as a test or with a placeholder; 1604 is the DarkComet default port)

Mutex

DC_MUTEX-BQKM08T (the DC_MUTEX- prefix is DarkComet's standard mutex naming and a reliable host indicator)

Attributes
  • gencode

    Vmwer6npedDB

  • install

    false (the stub does not copy itself to an install path)

  • offline_keylogger

    true (keystrokes are logged to a local file even without a C2 connection)

  • persistence

    false (no startup/autorun entry is configured)
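
As an added example (not code from the sandbox report or from the DarkComet project), the Python below shows how the fields above are typically recovered from a stub. The configuration sits in an RCDATA resource as hex-encoded RC4 ciphertext and decrypts to KEY={VALUE} lines between #BEGIN/#EOF markers; the decoder tries candidate keys, accepts the first plaintext carrying the marker, maps the config keys (SID, NETDATA, MUTEX, GENCODE, INSTALL, OFFLINEK, PERS) onto the report's field names, and emits triage notes such as the loopback C2. The 5.1 key "#KCMDDC51#-890" is well documented; the other candidate keys and the exact resource layout are assumptions to verify against the sample, and the encrypted blob in the block is constructed from the values above rather than taken from this file.

```python
"""Added example: decode a DarkComet-style config blob into the report's fields.
Resource layout and the 5.1 RC4 key follow public analyses of the family; the
other candidate keys are assumptions. The sample blob is constructed, not real."""
import binascii
import re
from typing import Dict, List, Optional, Tuple

CANDIDATE_KEYS = [
    b"#KCMDDC51#-890",   # DarkComet 5.1 (well known)
    b"#KCMDDC5#-890",    # assumed: 5.0
    b"#KCMDDC42F#-890",  # assumed: 4.2F
    b"#KCMDDC42#-890",   # assumed: 4.2
    b"#KCMDDC4#-890",    # assumed: 4.x
    b"#KCMDDC2#-890",    # assumed: 2.x
]
DEFAULT_PORT = 1604                 # builder default, as in the config above
CONFIG_MARKER = b"#BEGIN DARKCOMET DATA"

# DarkComet config key -> field name used in the report above.
FIELD_MAP = {"SID": "botnet", "NETDATA": "c2", "MUTEX": "mutex", "GENCODE": "gencode",
             "INSTALL": "install", "OFFLINEK": "offline_keylogger", "PERS": "persistence"}
BOOL_FIELDS = {"install", "offline_keylogger", "persistence"}
LINE_RE = re.compile(r"^([A-Z0-9]+)=\{(.*)\}$")


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA + PRGA). Symmetric, so it both encrypts and decrypts."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(byte ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def decrypt_config(hex_blob: str) -> Optional[Tuple[bytes, str]]:
    """Try every candidate key; accept the first plaintext that starts with the marker."""
    raw = binascii.unhexlify(hex_blob.strip())
    for key in CANDIDATE_KEYS:
        plain = rc4(key, raw)
        if plain.startswith(CONFIG_MARKER):
            return key, plain.decode("latin-1")
    return None


def parse_config(text: str) -> Dict[str, object]:
    """Turn KEY={VALUE} lines into the report's field names; flags become bools."""
    cfg: Dict[str, object] = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue                      # #BEGIN/#EOF markers, malformed lines
        key, value = m.groups()
        name = FIELD_MAP.get(key)
        if name is None:
            continue                      # keys the report does not surface (FWB, ...)
        cfg[name] = (value == "1") if name in BOOL_FIELDS else value
    if "c2" in cfg:                       # NETDATA may hold several host:port pairs
        cfg["c2"] = [hp for hp in str(cfg["c2"]).split("|") if hp]
    return cfg


def triage_notes(cfg: Dict[str, object]) -> List[str]:
    """Analyst caveats a report reader wants next to the raw fields."""
    notes: List[str] = []
    for hp in cfg.get("c2", []):          # type: ignore[union-attr]
        host, _, port = hp.rpartition(":")
        if host in ("127.0.0.1", "localhost", "0.0.0.0"):
            notes.append(f"C2 {hp} is loopback/unspecified: nothing to block, likely a test or placeholder build")
        if port.isdigit() and int(port) == DEFAULT_PORT:
            notes.append(f"C2 port {port} is the DarkComet default")
    mutex = str(cfg.get("mutex", ""))
    if mutex.startswith("DC_MUTEX-"):
        notes.append(f"mutex {mutex} carries the DC_MUTEX- prefix: usable as a host indicator")
    if not cfg.get("install") and not cfg.get("persistence"):
        notes.append("install and persistence both off: stub runs in place and does not survive reboot")
    if cfg.get("offline_keylogger"):
        notes.append("offline keylogger on: keystrokes are written to disk even with no C2 connection")
    return notes


def extract(hex_blob: str) -> Dict[str, object]:
    found = decrypt_config(hex_blob)
    if found is None:
        raise ValueError("no candidate key produced a DarkComet config")
    key, text = found
    cfg = parse_config(text)
    cfg["rc4_key"] = key.decode()
    return cfg


# Constructed sample: the values from the report above, encrypted here with the 5.1
# key so the decoder can run offline. These are not bytes from the real sample.
SAMPLE_PLAINTEXT = (b"#BEGIN DARKCOMET DATA --\r\nMUTEX={DC_MUTEX-BQKM08T}\r\nSID={Guest16}\r\n"
                    b"FWB={0}\r\nNETDATA={127.0.0.1:1604}\r\nGENCODE={Vmwer6npedDB}\r\n"
                    b"INSTALL={0}\r\nOFFLINEK={1}\r\nPERS={0}\r\n#EOF DARKCOMET DATA --\r\n")
SAMPLE_BLOB = rc4(b"#KCMDDC51#-890", SAMPLE_PLAINTEXT).hex().upper()

if __name__ == "__main__":
    config = extract(SAMPLE_BLOB)
    for k, v in config.items():
        print(f"{k:18} {v}")
    for note in triage_notes(config):
        print("note:", note)
```

On a real stub the hex text comes from the DCDATA RCDATA resource (for example via pefile's resource directory); everything after that point is the same. Validating on the marker rather than on "looks like text" matters because RC4 with a wrong key yields plausible-looking garbage for short inputs.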

Targets

    • Target

      f45e5a09535db4501c895ca74bbc5b8c_JaffaCakes118

    • Darkcomet

      DarkComet is a remote access trojan (RAT) written by Jean-Pierre Lesueur (DarkCoderSc). Its development was discontinued in 2012, but leaked builders keep it in circulation. Features include a remote shell, file and process management, keylogging (with optional offline logging to disk, which this build enables), and webcam/microphone capture. The DC_MUTEX- prefix and port 1604 in the extracted config are the builder's defaults.

    • Program crash

      The stub crashed during the sandbox run. Together with the loopback C2, this means the recorded behaviour is unlikely to reflect a live deployment of the same stub.

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites the register state of a thread, usually a suspended one in a freshly created process, so that it resumes at attacker-controlled code. It is the final step of process hollowing and similar injection techniques, which DarkComet stubs commonly use to run inside a host process.
