Overview

overview

10

Static

static

10

9a10fd9402...18.exe

windows7-x64

10

9a10fd9402...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    9a10fd9402f430eaf52a7dbb562997c9_JaffaCakes118

  • Size

    658KB

  • Sample

    240606-gca3xshg2v

  • MD5

    9a10fd9402f430eaf52a7dbb562997c9

  • SHA1

    7c2978c9229eb9b1a85235d164d002f84e99f005

  • SHA256

    56b237b519bf0ff53cde47321e1420800ef7f8d1f29739e8137db59050837d56

  • SHA512

    e8d3d11dd79bef2beaa2acc69198b5089b402fbbb1397db8a54995cb6bdea8b970c78376c77ca6810ab68bb1bf282eae34f8d6f22959952ab853aa9691602080

  • SSDEEP

    12288:u9HMeUmcufrvA3kb445UEJ2jsWiD4EvFuu4cNgZhCiZKD/XdyFJ:6iBIGkbxqEcjsWiDxguehC2SK

Score
10/10
darkcometguest16evasionrattrojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

agamon888.hopto.org:1604

Mutex

DC_MUTEX-15WRC0Z

Attributes
  • gencode

    NnWs4Qut2Lls

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Targets

    • Target

      9a10fd9402f430eaf52a7dbb562997c9_JaffaCakes118

    • Size

      658KB

    • MD5

      9a10fd9402f430eaf52a7dbb562997c9

    • SHA1

      7c2978c9229eb9b1a85235d164d002f84e99f005

    • SHA256

      56b237b519bf0ff53cde47321e1420800ef7f8d1f29739e8137db59050837d56

    • SHA512

      e8d3d11dd79bef2beaa2acc69198b5089b402fbbb1397db8a54995cb6bdea8b970c78376c77ca6810ab68bb1bf282eae34f8d6f22959952ab853aa9691602080

    • SSDEEP

      12288:u9HMeUmcufrvA3kb445UEJ2jsWiD4EvFuu4cNgZhCiZKD/XdyFJ:6iBIGkbxqEcjsWiDxguehC2SK

    Score
    10/10
    darkcometguest16evasionrattrojan

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

      trojanratdarkcomet

    • Modifies firewall policy service

      evasion

    • Disables RegEdit via registry modification

      evasion

    • Disables Task Manager via registry modification

      evasion
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Privilege Escalation

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks