Overview

overview

10

Static

static

3

20fe00708e...18.exe

windows7-x64

10

20fe00708e...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    20fe00708e602030f60b65b932fb363f_JaffaCakes118

  • Size

    671KB

  • Sample

    240703-egbtxawekd

  • MD5

    20fe00708e602030f60b65b932fb363f

  • SHA1

    4ae80fcbe37a904ff6e11afc4c1903af3508d8c1

  • SHA256

    8ebca9c9b08d262bdfc8404b6e3fe613d72559ceed472697c8a18516cffa6f0b

  • SHA512

    36852ab7bc806a8fada35aea2dceca421d7eb224c77f9f7a96d4082ae54dcfa1bceeb235cd13bd91e58ca464964aef748ec59ae4b243df8dda29c6e6f042c857

  • SSDEEP

    12288:gct6uajWUCmDDHFHTpFZoiHArXjHVC3wyc4YEsxyivt6jEiLg9Uo6yyKkHtKweSX:Lt6WHahHT/Zoigr43Dc4Yryivt6jEiOe

Score
10/10
darkcometguest16rattrojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

127.0.0.1:1604

Mutex

DC_MUTEX-F54S21D

Attributes
  • gencode

    k6zTnjl8pLYL

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Targets

    • Target

      20fe00708e602030f60b65b932fb363f_JaffaCakes118

    • Size

      671KB

    • MD5

      20fe00708e602030f60b65b932fb363f

    • SHA1

      4ae80fcbe37a904ff6e11afc4c1903af3508d8c1

    • SHA256

      8ebca9c9b08d262bdfc8404b6e3fe613d72559ceed472697c8a18516cffa6f0b

    • SHA512

      36852ab7bc806a8fada35aea2dceca421d7eb224c77f9f7a96d4082ae54dcfa1bceeb235cd13bd91e58ca464964aef748ec59ae4b243df8dda29c6e6f042c857

    • SSDEEP

      12288:gct6uajWUCmDDHFHTpFZoiHArXjHVC3wyc4YEsxyivt6jEiLg9Uo6yyKkHtKweSX:Lt6WHahHT/Zoigr43Dc4Yryivt6jEiOe

    Score
    10/10
    darkcometguest16rattrojan

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

      trojanratdarkcomet

    • Program crash

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks