Overview

overview

10

Static

static

10

f5f6a9dc81...18.exe

windows7-x64

10

f5f6a9dc81...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f5f6a9dc81942c0e2b8578dd911db8b5_JaffaCakes118

  • Size

    1.3MB

  • Sample

    240417-rk9xbsbd93

  • MD5

    f5f6a9dc81942c0e2b8578dd911db8b5

  • SHA1

    90007e58af0b0245f4876055e2cf345dc4bd95e9

  • SHA256

    d8fc0bb9e2ff933ba6b2e72023694a3e3aa21b0764c863096f29023443a97921

  • SHA512

    2dce216ad0bcf8933f4b6781277ba963766234957c1dd138239abe69722bab5034c5a25203f79583a74099250ca57c88b3a34448cb1f9ccf40b64f0f13302356

  • SSDEEP

    12288:caAchpWsuVTv7ItY8XljyypHP7cOLBev03hlULsmWZ++09ZcKDVsgdSk6t3a6F:dAEENIq8XwyVPQclDq/+WnpsSSkb6F

Score
10/10
darkcometrattrojan

Malware Config

Targets

    • Target

      f5f6a9dc81942c0e2b8578dd911db8b5_JaffaCakes118

    • Size

      1.3MB

    • MD5

      f5f6a9dc81942c0e2b8578dd911db8b5

    • SHA1

      90007e58af0b0245f4876055e2cf345dc4bd95e9

    • SHA256

      d8fc0bb9e2ff933ba6b2e72023694a3e3aa21b0764c863096f29023443a97921

    • SHA512

      2dce216ad0bcf8933f4b6781277ba963766234957c1dd138239abe69722bab5034c5a25203f79583a74099250ca57c88b3a34448cb1f9ccf40b64f0f13302356

    • SSDEEP

      12288:caAchpWsuVTv7ItY8XljyypHP7cOLBev03hlULsmWZ++09ZcKDVsgdSk6t3a6F:dAEENIq8XwyVPQclDq/+WnpsSSkb6F

    Score
    10/10
    darkcometrattrojan

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

      trojanratdarkcomet

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks