Overview

overview

10

Static

static

3

010bc5ecba...18.exe

windows7-x64

10

010bc5ecba...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    010bc5ecba45659797b726492bfff2f1_JaffaCakes118

  • Size

    1.2MB

  • Sample

    240622-dsy8xavgme

  • MD5

    010bc5ecba45659797b726492bfff2f1

  • SHA1

    c0521cc3c470df282312dd20636b1206556fef8e

  • SHA256

    8b6879ebd4c2ad7d08d2c22e1b1ae03552c1d1d4d33583e743ae149360b9261a

  • SHA512

    3e4be5398fa38c08fb46a5960f2819b72a051c1cea2e5b674675824c3e73e08c2289f0fc00063dd97e1dd25e969fd48481fccfa08f2e64876fee9e47e32fd576

  • SSDEEP

    24576:aOUNJfReasJC49ut0SuqsGg4kkZ/QIMAxlLzUf/TI:aOUP1sJCAK0Sk4kkyI7x9GTI

Score
10/10
darkcometrattrojan

Malware Config

Targets

    • Target

      010bc5ecba45659797b726492bfff2f1_JaffaCakes118

    • Size

      1.2MB

    • MD5

      010bc5ecba45659797b726492bfff2f1

    • SHA1

      c0521cc3c470df282312dd20636b1206556fef8e

    • SHA256

      8b6879ebd4c2ad7d08d2c22e1b1ae03552c1d1d4d33583e743ae149360b9261a

    • SHA512

      3e4be5398fa38c08fb46a5960f2819b72a051c1cea2e5b674675824c3e73e08c2289f0fc00063dd97e1dd25e969fd48481fccfa08f2e64876fee9e47e32fd576

    • SSDEEP

      24576:aOUNJfReasJC49ut0SuqsGg4kkZ/QIMAxlLzUf/TI:aOUP1sJCAK0Sk4kkyI7x9GTI

    Score
    10/10
    darkcometrattrojan

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

      trojanratdarkcomet

    • Drops startup file

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scripting

1
T1064

Persistence

Privilege Escalation

Defense Evasion

Scripting

1
T1064

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks