Overview

overview

10

Static

static

10

731f51dcfb...18.exe

windows7-x64

10

731f51dcfb...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    731f51dcfb5d968e90f82457084f2849_JaffaCakes118

  • Size

    821KB

  • Sample

    240525-y2yzqaha2s

  • MD5

    731f51dcfb5d968e90f82457084f2849

  • SHA1

    0a06d69c986a21f37310b6b0bc4df8b2e66eca3f

  • SHA256

    e033486b4c119f41962837b8b84f91c8d86a3bf6d0b9ce8e5221ef18311f6268

  • SHA512

    a2d4dd55efe459ca2c6e092b58d4b2511dd504b82dbc8277c2a78ca8b0709b97832926467008abbbb01aae991e1a8297e987a9750a8ac93aca5dfd1abbf78f36

  • SSDEEP

    12288:PFLlJnnbWOtz6sVJhvaz1Qc/WdI//vfM4qwrbkniafLo6vUTyl0w/q9jJZYG:d3nbWmJVJFwSddIXvfhqbiaxvRxq9x

Score
10/10
darkcometevasionrattrojan

Malware Config

Targets

    • Target

      731f51dcfb5d968e90f82457084f2849_JaffaCakes118

    • Size

      821KB

    • MD5

      731f51dcfb5d968e90f82457084f2849

    • SHA1

      0a06d69c986a21f37310b6b0bc4df8b2e66eca3f

    • SHA256

      e033486b4c119f41962837b8b84f91c8d86a3bf6d0b9ce8e5221ef18311f6268

    • SHA512

      a2d4dd55efe459ca2c6e092b58d4b2511dd504b82dbc8277c2a78ca8b0709b97832926467008abbbb01aae991e1a8297e987a9750a8ac93aca5dfd1abbf78f36

    • SSDEEP

      12288:PFLlJnnbWOtz6sVJhvaz1Qc/WdI//vfM4qwrbkniafLo6vUTyl0w/q9jJZYG:d3nbWmJVJFwSddIXvfhqbiaxvRxq9x

    Score
    10/10
    darkcometevasionrattrojan

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

      trojanratdarkcomet

    • Modifies firewall policy service

      evasion

    • Modifies security service

      evasion

    • Windows security bypass

      evasiontrojan

    • Disables RegEdit via registry modification

      evasion

    • Disables Task Manager via registry modification

      evasion

    • Windows security modification

      evasiontrojan

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

2
T1543

Windows Service

2
T1543.003

Privilege Escalation

Create or Modify System Process

2
T1543

Windows Service

2
T1543.003

Defense Evasion

Modify Registry

5
T1112

Impair Defenses

2
T1562

Disable or Modify Tools

2
T1562.001

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks