Overview

overview

10

Static

static

3

f4313881fa...18.exe

windows7-x64

10

f4313881fa...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f4313881fa968ddafeeb336e2749e324_JaffaCakes118

  • Size

    412KB

  • Sample

    240416-yec4qscd2v

  • MD5

    f4313881fa968ddafeeb336e2749e324

  • SHA1

    c26953eb12c031b71d70f5c97a9fbedd32150efb

  • SHA256

    01ee90a7d468ae0521c715d120fc6bd67d365171b67eda16a22b1c53671ceb78

  • SHA512

    da40a617f93a0a835d8bbd8a26a5717327701fcb734f17e7992bb4c5cc9d7d864938641f7b128317e52f4136e226a6c960ba2498b949c2d86886944b9e4f3aa3

  • SSDEEP

    12288:M5/2KDfYG79b81d39JCGrZU6OFhMk/eR6:U2KDf99I1d3bCGre6OFf/eE

Score
10/10
darkcometpersistencerattrojanupx

Malware Config

Targets

    • Target

      f4313881fa968ddafeeb336e2749e324_JaffaCakes118

    • Size

      412KB

    • MD5

      f4313881fa968ddafeeb336e2749e324

    • SHA1

      c26953eb12c031b71d70f5c97a9fbedd32150efb

    • SHA256

      01ee90a7d468ae0521c715d120fc6bd67d365171b67eda16a22b1c53671ceb78

    • SHA512

      da40a617f93a0a835d8bbd8a26a5717327701fcb734f17e7992bb4c5cc9d7d864938641f7b128317e52f4136e226a6c960ba2498b949c2d86886944b9e4f3aa3

    • SSDEEP

      12288:M5/2KDfYG79b81d39JCGrZU6OFhMk/eR6:U2KDf99I1d3bCGre6OFf/eE

    Score
    10/10
    darkcometpersistencerattrojanupx

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

      trojanratdarkcomet

    • Modifies WinLogon for persistence

      persistence

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks