General

  • Target

    41e55cbc35c3e957ad771fd307d27442_JaffaCakes118

  • Size

    988KB

  • Sample

    240713-qwrpfsvdqh

  • MD5

    41e55cbc35c3e957ad771fd307d27442

  • SHA1

    e1e2344bb8b3062e956e43f7f06595a9883244d3

  • SHA256

    d981ce836347ca5953d69430af81002c1909764c860621b514b5a8bed77937b6

  • SHA512

    ecb3beac7050c69f5ff1ad62083f7d89e55945d5746cfea21e4d89258896d4edb9bef9e64d66c431eaf5e400f94c4285432446a4435af0c546687e59fff181df

  • SSDEEP

    12288:MMjkMJBoBRlTuBfqh5Tk6a3+nCjNh/RPqpqzYDcxESbnNvtL2ZwmbHUpWwhdG:MMjSL61D3VTxqpObNvx2ZwmHUP8

Malware Config

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandbox environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks