General

  • Target

    f4189716c016fd336c8f9273122ce87e_JaffaCakes118

  • Size

    436KB

  • Sample

    240416-xd3sbshf43

  • MD5

    f4189716c016fd336c8f9273122ce87e

  • SHA1

    f0ca4d55f93293b33edd399ac4a9ca52923f1dff

  • SHA256

    72330cb358d47851e1ee9b6f9861783478b8882f366dfd5d9d9fe1e1a72e8ed5

  • SHA512

    0a87e358c0b4ecf8fcc791924ec29f9963d755f9a62129a0d1224f70d3f3882db11f73e81ddb8dc81d5e67a44a8078832118737f9ab6d7d7ef61cf2d9e060d4c

  • SSDEEP

    6144:4w/kMDudL7RpI9sA0KfEWtxI3PuCcLnw4lkhwDNkW8RaA/V:h/1KdnfAaWQWCYlkhwDD

Score
10/10

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.
