Overview

overview

10

Static

static

3

008dcabe50...18.exe

windows7-x64

10

008dcabe50...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    008dcabe50b5597d46ae50efe081efcd_JaffaCakes118

  • Size

    993KB

  • Sample

    240619-z7dreasbna

  • MD5

    008dcabe50b5597d46ae50efe081efcd

  • SHA1

    3f58f79111d376d3780507756924c6f2ec83d7bd

  • SHA256

    b989fd3f8c98dd5852a843e15bda9b43486094bda70746b5d527f24a3e3a0233

  • SHA512

    fe4985beec3e92fe0734dcfc103cf1d0adde30a082876e16c02a812c4a1a254b521010b2e449b7a8ef16b2fadf5be91a7dbb75e88de56ff79123e9267bcf4571

  • SSDEEP

    24576:m1ovI/9+7r+OfjYoKdNdfHoqrvB+lfFD0QZh9u:dugrqtoC

Score
10/10
darkcometpersistencerattrojan

Malware Config

Targets

    • Target

      008dcabe50b5597d46ae50efe081efcd_JaffaCakes118

    • Size

      993KB

    • MD5

      008dcabe50b5597d46ae50efe081efcd

    • SHA1

      3f58f79111d376d3780507756924c6f2ec83d7bd

    • SHA256

      b989fd3f8c98dd5852a843e15bda9b43486094bda70746b5d527f24a3e3a0233

    • SHA512

      fe4985beec3e92fe0734dcfc103cf1d0adde30a082876e16c02a812c4a1a254b521010b2e449b7a8ef16b2fadf5be91a7dbb75e88de56ff79123e9267bcf4571

    • SSDEEP

      24576:m1ovI/9+7r+OfjYoKdNdfHoqrvB+lfFD0QZh9u:dugrqtoC

    Score
    10/10
    darkcometpersistencerattrojan

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

      trojanratdarkcomet

    • Executes dropped EXE

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scripting

1
T1064

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Scripting

1
T1064

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks