Overview

overview

10

Static

static

10

268a527be7...18.exe

windows7-x64

10

268a527be7...18.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    268a527be795521c4fb8e7ee9ae3a014_JaffaCakes118

  • Size

    746KB

  • Sample

    240704-2x2ftsthnl

  • MD5

    268a527be795521c4fb8e7ee9ae3a014

  • SHA1

    d30f3951811ab9914bdb154938a5cd2288eeeabb

  • SHA256

    21612605b2a8ad9267d63cc5cf2100c0556eabd58eb9b116e0b3863dbd631adc

  • SHA512

    ba230a79078357d56d143b051735eede724e406f92802e77aa715cbd6fb23d60356baa0e30aa5f204c780db214bc5cc3b8166c5ab9d228e3b63d4900ef7e1aef

  • SSDEEP

    12288:U6A84PaHhfD/tV9sj5NKR0pau9XGyu2qBVGLQyTPfhUbZR:pAmBpVKHu0Mu9Xo20VGLVP5SZR

Score
10/10
darkcometpersistencerattrojan

Malware Config

Targets

    • Target

      268a527be795521c4fb8e7ee9ae3a014_JaffaCakes118

    • Size

      746KB

    • MD5

      268a527be795521c4fb8e7ee9ae3a014

    • SHA1

      d30f3951811ab9914bdb154938a5cd2288eeeabb

    • SHA256

      21612605b2a8ad9267d63cc5cf2100c0556eabd58eb9b116e0b3863dbd631adc

    • SHA512

      ba230a79078357d56d143b051735eede724e406f92802e77aa715cbd6fb23d60356baa0e30aa5f204c780db214bc5cc3b8166c5ab9d228e3b63d4900ef7e1aef

    • SSDEEP

      12288:U6A84PaHhfD/tV9sj5NKR0pau9XGyu2qBVGLQyTPfhUbZR:pAmBpVKHu0Mu9Xo20VGLVP5SZR

    Score
    10/10
    darkcometpersistencerattrojan

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

      trojanratdarkcomet

    • Modifies WinLogon for persistence

      persistence

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks