General

  • Target

    34f778f8f581da4d6a112dffe616e848_JaffaCakes118

  • Size

    1.3MB

  • Sample

    240710-q2jk2atdmc

  • MD5

    34f778f8f581da4d6a112dffe616e848

  • SHA1

    5f2261887b25bb628282ee5d8441875ab6aa17e1

  • SHA256

    a501d8be2fe4bcb6a191d8372cae273e03af2987a9fb23a76c93b409b8330048

  • SHA512

    5710d56372dad8097017635c58452555e0082fa8553ed2f586df950f7918955f65d688f12e265f7f0231234447747962c7dac0d4d67d6267bdf922d48e1b213e

  • SSDEEP

    12288:ew0malytV2yU4dWnQPMDEtpQTebPZtfSrCb2DyNRrdKga+M49eNBpobFVXZj0Gbc:QQpsSjjYBpcnJKUAUBUWBShGqF2H8
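
To check a local file against the digests listed above, here is an added example (not part of the sandbox report): the four hash values are copied from the page, the checking code is mine. The SSDEEP hash is deliberately not handled, since ssdeep is not in the Python standard library; use the `ssdeep` tool if you need similarity matching rather than identity.

```python
"""Check a local file against the digests published in this report.
Added example: the hash constants are copied from the page; the code is not
part of the report."""
import hashlib
import hmac
import io

REPORT_DIGESTS = {
    "md5": "34f778f8f581da4d6a112dffe616e848",
    "sha1": "5f2261887b25bb628282ee5d8441875ab6aa17e1",
    "sha256": "a501d8be2fe4bcb6a191d8372cae273e03af2987a9fb23a76c93b409b8330048",
    "sha512": "5710d56372dad8097017635c58452555e0082fa8553ed2f586df950f7918955f"
              "65d688f12e265f7f0231234447747962c7dac0d4d67d6267bdf922d48e1b213e",
}


def digests_of(stream, chunk_size=1 << 20):
    """All four digests in a single pass, so a large file is read only once."""
    hashers = {name: hashlib.new(name) for name in REPORT_DIGESTS}
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digests_of_bytes(data):
    return digests_of(io.BytesIO(data))


def digests_of_file(path):
    with open(path, "rb") as f:
        return digests_of(f)


def compare_to_report(digests):
    """Per-algorithm match against the report (constant-time string comparison)."""
    return {name: hmac.compare_digest(digests[name].lower(), expected)
            for name, expected in REPORT_DIGESTS.items()}


def verdict(digests):
    """'match' only when every digest agrees. An MD5-only agreement is reported
    separately: MD5 collisions are practical, so a file with the same MD5 but a
    different SHA-256 is a different binary (or a mistyped IOC)."""
    result = compare_to_report(digests)
    if all(result.values()):
        return "match"
    if result["md5"] and not result["sha256"]:
        return "md5-only"
    return "mismatch"


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        d = digests_of_file(path)
        print(path, verdict(d), d["sha256"])
```

Run it as `python check.py suspect.bin`; a "match" means the file on disk is byte-for-byte the sample this report describes.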

Malware Config

Targets

    • Target

      34f778f8f581da4d6a112dffe616e848_JaffaCakes118

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur (DarkCoderSc). It gives the operator full interactive control of the infected host (file system and shell access, keylogging, screen and webcam capture) and calls back to a C2 address embedded in the stub. Its builder has been freely available for years, so most samples seen today are repacked or crypted variants of the original.

    • Checks BIOS information in registry

      BIOS strings are often read in order to detect sandboxing environments. The usual source is HKLM\HARDWARE\DESCRIPTION\System (SystemBiosVersion, VideoBiosVersion), where hypervisors such as VirtualBox, VMware and QEMU leave recognisable product names; a sample that finds one may refuse to run its payload, so a sandbox should mask these values (ATT&CK T1497.001, Virtualization/Sandbox Evasion: System Checks).

    • Executes dropped EXE

      A file written to disk during the run is then launched as a new process.

    • Loads dropped DLL

      A DLL written to disk during the run is loaded into a process.

    • Uses the VBS compiler for execution

      The Visual Basic .NET compiler (vbc.exe, under the .NET Framework directory) is started. A signed Microsoft binary that has no reason to run on an end-user system is a common host for injected code: it looks legitimate in a process listing and survives simple allow-listing.

    • Adds Run key to start application

      Persistence via a value under HKCU or HKLM\Software\Microsoft\Windows\CurrentVersion\Run (ATT&CK T1547.001), so the sample is started again at every logon.

    • Suspicious use of SetThreadContext

      SetThreadContext is the API used by process hollowing and related injection techniques (ATT&CK T1055.012) to point a suspended thread's instruction pointer at injected code before the thread is resumed. Together with the vbc.exe execution above it is consistent with the payload running inside a hollowed compiler process.
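
The two registry behaviours in this list, "Checks BIOS information in registry" and "Adds Run key to start application", as they appear in a registry export, with a small triage script. This is an added example, not code or data from the report or from DarkComet: the SAMPLE_REG export below is constructed for the example, the registry paths and VM product strings are the standard ones, and the criteria for a "suspicious" Run entry (user-writable directories, or a script host or compiler such as vbc.exe used as launcher) are my own heuristics.

```python
"""Triage of BIOS strings (what a VM-aware sample reads) and Run-key values (where
the sample persists) on an offline .reg export. SAMPLE_REG is constructed for
this example; it is not the analysed file's configuration."""
import re

BIOS_KEY = r"HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System"
BIOS_VALUES = ("SystemBiosVersion", "VideoBiosVersion", "SystemBiosDate")
# Product strings VirtualBox, VMware, QEMU/Bochs, Xen and Parallels leave in BIOS values.
VM_MARKERS = ("VBOX", "VIRTUALBOX", "VMWARE", "QEMU", "BOCHS", "XEN", "PARALLELS")
RUN_KEYS = (
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
    r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run",
)
# Heuristics (assumption): user-writable directories, or a script host / compiler
# used as a living-off-the-land launcher (vbc.exe as in the report).
SUSPICIOUS_PATH = re.compile(r"\\(AppData\\Roaming|Temp|Users\\Public|ProgramData)\\", re.I)
SUSPICIOUS_HOST = re.compile(r"\b(vbc|wscript|cscript|mshta|regasm|msbuild|rundll32)\.exe\b", re.I)
_VALUE_LINE = re.compile(r'^(?:@|"((?:[^"\\]|\\.)*)")=(.*)$')


def _unescape(s):
    # .reg escapes backslash and double quote with a backslash
    return re.sub(r"\\(.)", r"\1", s)


def _decode(data):
    """REG_SZ ("..."), hex(7) REG_MULTI_SZ or hex(2) REG_EXPAND_SZ (how regedit
    exports the BIOS strings). Other types are returned raw."""
    if data.startswith('"') and data.endswith('"'):
        return _unescape(data[1:-1])
    m = re.match(r"hex\((\d+)\):(.*)", data)
    if m:
        raw = bytes(int(b, 16) for b in m.group(2).split(",") if b)
        text = raw.decode("utf-16-le", errors="replace")
        return [s for s in text.split("\x00") if s] if m.group(1) == "7" else text.rstrip("\x00")
    return data


def parse_reg(text):
    """Parse a .reg export into {key: {value_name: data}}, joining backslash-continued lines."""
    lines = iter(text.splitlines())
    keys, current = {}, None
    for line in lines:
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        m = _VALUE_LINE.match(line)
        if m is None or current is None:
            continue
        data = m.group(2)
        while data.endswith("\\"):
            data = data[:-1] + next(lines, "").strip()
        name = "@" if m.group(1) is None else _unescape(m.group(1))
        keys[current][name] = _decode(data)
    return keys


def _values(reg, key):
    # registry paths are case-insensitive and exports are not consistent about case
    return next((v for k, v in reg.items() if k.lower() == key.lower()), {})


def bios_sandbox_indicators(reg):
    """(value_name, marker) for every BIOS string that gives the VM away to a sample."""
    hits = []
    for name in BIOS_VALUES:
        data = _values(reg, BIOS_KEY).get(name)
        for s in (data if isinstance(data, list) else ([data] if data else [])):
            marker = next((mk for mk in VM_MARKERS if mk in s.upper()), None)
            if marker:
                hits.append((name, marker))
    return hits


def suspicious_run_entries(reg):
    """(key, value_name, command) for Run entries matching the persistence heuristics."""
    return [(key, name, cmd)
            for key in RUN_KEYS
            for name, cmd in _values(reg, key).items()
            if isinstance(cmd, str) and (SUSPICIOUS_PATH.search(cmd) or SUSPICIOUS_HOST.search(cmd))]


# Constructed export: a VirtualBox guest, one benign OneDrive entry, and two entries shaped
# like the report's behaviour (AppData\Roaming persistence, vbc.exe as launcher).
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System]
"SystemBiosDate"="06/23/99"
"SystemBiosVersion"=hex(7):56,00,42,00,4f,00,58,00,20,00,2d,00,20,00,31,00,00,00,\
  00,00
"VideoBiosVersion"=hex(7):56,00,69,00,72,00,74,00,75,00,61,00,6c,00,42,00,6f,00,78,00,00,00,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Users\\lab\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"
"Updater"="C:\\Users\\lab\\AppData\\Roaming\\Updater\\updater.exe"
"Build"="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\vbc.exe"
"""

if __name__ == "__main__":
    reg = parse_reg(SAMPLE_REG)
    for hit in bios_sandbox_indicators(reg):
        print("VM fingerprint exposed:", hit)
    for hit in suspicious_run_entries(reg):
        print("suspicious Run entry:", hit)
```

On the sample export the BIOS check reports both VirtualBox strings, which is exactly what a sample with this signature would see, and the Run-key check flags the Roaming-profile executable and the vbc.exe entry while leaving the OneDrive entry alone. Run the same script over `reg export HKLM\HARDWARE\DESCRIPTION\System` output from your own sandbox image to see what it exposes.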

MITRE ATT&CK Enterprise v15

Tasks