General

  • Target

    355dbc64f55f871ce2711b17a25eec4c_JaffaCakes118

  • Size

    477KB

  • Sample

    240710-s6rtbawcnm

  • MD5

    355dbc64f55f871ce2711b17a25eec4c

  • SHA1

    3e7af657052b32b5e719300f4a475d90c1739dbf

  • SHA256

    41430b95db2607ee05c4facbeb8131fd51aec02ca1ce39cb96607034765bbf02

  • SHA512

    6eae9ced939b05ea8441173fbccf1d4236b8fea5be8c961baa278d894ade328dffd6cb35ba2772d8bc1fc2ecad348eca446ef7a6a2ec3cb68abd2bfcebaf5a75

  • SSDEEP

    12288:8IhDE0osWQYhu8VDkfvcdBT8Cf/JEeyFi:8IOQn8VRYUHIi

Malware Config

Extracted

Family

darkcomet

Attributes
  • gencode

  • install

    false

  • offline_keylogger

    false

  • persistence

    false

Extracted

Family

darkcomet

Botnet

Guest16_min

C2

192.168.1.117:80

Mutex

DCMIN_MUTEX-JFBNSZM

Attributes
  • gencode

    XkB4sMw7tBoi

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Targets

    • Target

      355dbc64f55f871ce2711b17a25eec4c_JaffaCakes118

    • Size

      477KB

    • MD5

      355dbc64f55f871ce2711b17a25eec4c

    • SHA1

      3e7af657052b32b5e719300f4a475d90c1739dbf

    • SHA256

      41430b95db2607ee05c4facbeb8131fd51aec02ca1ce39cb96607034765bbf02

    • SHA512

      6eae9ced939b05ea8441173fbccf1d4236b8fea5be8c961baa278d894ade328dffd6cb35ba2772d8bc1fc2ecad348eca446ef7a6a2ec3cb68abd2bfcebaf5a75

    • SSDEEP

      12288:8IhDE0osWQYhu8VDkfvcdBT8Cf/JEeyFi:8IOQn8VRYUHIi

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Suspicious use of NtSetInformationThreadHideFromDebugger
