Overview

overview

10

Static

static

10

f8c595b0ee...18.exe

windows7-x64

10

f8c595b0ee...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f8c595b0ee2de1b5bcfe30ba5f78e25d_JaffaCakes118

  • Size

    875KB

  • Sample

    240418-z6mmxsfb77

  • MD5

    f8c595b0ee2de1b5bcfe30ba5f78e25d

  • SHA1

    77a0fdfe5c252cce12e66706514d0d56bb14b86f

  • SHA256

    9ba41cd0356b6dcd14220e3d8cf7dc3ede3affb42aec2e8713cfbc850e540ace

  • SHA512

    0087c96eb714dfb205833bfd51f86da329c9f3ad9d3d8a763042e60d3faecf01a95f4ce5eb1e696ec5473ef8b033b7868b70f73fcfdbdd1ed9beba7c70f6619c

  • SSDEEP

    12288:r9AFlAd0Z+89cxTGzO4AucTD8QP2lmFSrVs9LqnK2P0JfLY1S8xul:5AQ6Zx9cxTmOrucTIEFSpOGn0J8k8x

Score
10/10
darkcometrattrojan

Malware Config

Targets

    • Target

      f8c595b0ee2de1b5bcfe30ba5f78e25d_JaffaCakes118

    • Size

      875KB

    • MD5

      f8c595b0ee2de1b5bcfe30ba5f78e25d

    • SHA1

      77a0fdfe5c252cce12e66706514d0d56bb14b86f

    • SHA256

      9ba41cd0356b6dcd14220e3d8cf7dc3ede3affb42aec2e8713cfbc850e540ace

    • SHA512

      0087c96eb714dfb205833bfd51f86da329c9f3ad9d3d8a763042e60d3faecf01a95f4ce5eb1e696ec5473ef8b033b7868b70f73fcfdbdd1ed9beba7c70f6619c

    • SSDEEP

      12288:r9AFlAd0Z+89cxTGzO4AucTD8QP2lmFSrVs9LqnK2P0JfLY1S8xul:5AQ6Zx9cxTmOrucTIEFSpOGn0J8k8x

    Score
    10/10
    darkcometrattrojan

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

      trojanratdarkcomet

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

3
T1012

System Information Discovery

4
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks