Overview

overview

10

Static

static

3

fc7cb881cc...18.exe

windows7-x64

10

fc7cb881cc...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fc7cb881cce701a7aa0e66db5343a08b_JaffaCakes118

  • Size

    719KB

  • Sample

    240420-lwjlmadh23

  • MD5

    fc7cb881cce701a7aa0e66db5343a08b

  • SHA1

    8aabd3472aadda2df50f491d8868924fbd02400b

  • SHA256

    41d83459aad53dd5da4346d33bd8df6648f7da7a12a0ebc5f0e8aeb1bb4ebed9

  • SHA512

    1d2ae10224e40d3fe1c5d5848afa91898b23b1dd8df104c689d911a10a899674d6cc7620c76c35113cf7de0db5fed31fe64934b74607289d6e6ec3f2f389e749

  • SSDEEP

    12288:5ZwHOyR7qnrIP1coEheYLpv2vlUUSNIRLNvWuWPm6NT4ITMRRLjDlCjI:LT6KJgN+GNwmVRRDkM

Score
10/10
darkcometguest16persistencerattrojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

rattenjunge.zapto.org:1604

Mutex

DC_MUTEX-F54S21D

Attributes
  • gencode

    4cjU6YoJ5VXp

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Targets

    • Target

      fc7cb881cce701a7aa0e66db5343a08b_JaffaCakes118

    • Size

      719KB

    • MD5

      fc7cb881cce701a7aa0e66db5343a08b

    • SHA1

      8aabd3472aadda2df50f491d8868924fbd02400b

    • SHA256

      41d83459aad53dd5da4346d33bd8df6648f7da7a12a0ebc5f0e8aeb1bb4ebed9

    • SHA512

      1d2ae10224e40d3fe1c5d5848afa91898b23b1dd8df104c689d911a10a899674d6cc7620c76c35113cf7de0db5fed31fe64934b74607289d6e6ec3f2f389e749

    • SSDEEP

      12288:5ZwHOyR7qnrIP1coEheYLpv2vlUUSNIRLNvWuWPm6NT4ITMRRLjDlCjI:LT6KJgN+GNwmVRRDkM

    Score
    10/10
    darkcometguest16persistencerattrojan

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

      trojanratdarkcomet

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks