Overview

overview

10

Static

static

3

01bf80891f...18.exe

windows7-x64

10

01bf80891f...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    01bf80891fa18e0ad890845c7d73a0bb_JaffaCakes118

  • Size

    1.8MB

  • Sample

    240622-mwm5gsvcqd

  • MD5

    01bf80891fa18e0ad890845c7d73a0bb

  • SHA1

    0df0b2d97bdbf103374906d88c6549ae67cd050e

  • SHA256

    3b86ee63cb663ee4ac270f50910cfd5f72f72d4a88017f236f7ca055a2377795

  • SHA512

    f3c37892cbdc360db187aa16e2cc072898101b2b609c8fa66fb011d360a33a2328cfa055e50f77d312737d2d96520fd048b8684ed0a9578755a4bd99cf74cfd9

  • SSDEEP

    24576:h5Y8WP5oC5Cq/01fPpKo0FSnJ4JALHF6kwpiCxQkZlBS+fIFALsA3XVPBn:BWP5o+V81fxdJgHQW7wu7

Score
10/10
darkcometrattrojan

Malware Config

Targets

    • Target

      01bf80891fa18e0ad890845c7d73a0bb_JaffaCakes118

    • Size

      1.8MB

    • MD5

      01bf80891fa18e0ad890845c7d73a0bb

    • SHA1

      0df0b2d97bdbf103374906d88c6549ae67cd050e

    • SHA256

      3b86ee63cb663ee4ac270f50910cfd5f72f72d4a88017f236f7ca055a2377795

    • SHA512

      f3c37892cbdc360db187aa16e2cc072898101b2b609c8fa66fb011d360a33a2328cfa055e50f77d312737d2d96520fd048b8684ed0a9578755a4bd99cf74cfd9

    • SSDEEP

      24576:h5Y8WP5oC5Cq/01fPpKo0FSnJ4JALHF6kwpiCxQkZlBS+fIFALsA3XVPBn:BWP5o+V81fxdJgHQW7wu7

    Score
    10/10
    darkcometrattrojan

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

      trojanratdarkcomet

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

3
T1012

System Information Discovery

3
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks