Overview

overview

10

Static

static

3

48f3fbf710...18.exe

windows7-x64

10

48f3fbf710...18.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    48f3fbf710bec98327cabae628714383_JaffaCakes118

  • Size

    454KB

  • Sample

    240715-j5g32szbpf

  • MD5

    48f3fbf710bec98327cabae628714383

  • SHA1

    7fd84208a4448eabf3e141a58a53510fcb6196fc

  • SHA256

    009bf2d035849059dbe9873d8e6d07b47e4eae0a1381a38b0b397c6a5542daeb

  • SHA512

    4a62b7126dc4a07cff85dc5927355f61150ea383b81952541051ed166a3812cdc9a208cfcfc6ef68527525f5f8f01fe611c129b9695514d62a5ecedd72b4fb77

  • SSDEEP

    12288:q75irFtHhu86UL9z7xJAxnBWh6GDpnmRkZFr/qIy:q7q96+z7HAxBWh6GDhmRkr/q

Score
10/10
darkcometpersistencerattrojan

Malware Config

Targets

    • Target

      48f3fbf710bec98327cabae628714383_JaffaCakes118

    • Size

      454KB

    • MD5

      48f3fbf710bec98327cabae628714383

    • SHA1

      7fd84208a4448eabf3e141a58a53510fcb6196fc

    • SHA256

      009bf2d035849059dbe9873d8e6d07b47e4eae0a1381a38b0b397c6a5542daeb

    • SHA512

      4a62b7126dc4a07cff85dc5927355f61150ea383b81952541051ed166a3812cdc9a208cfcfc6ef68527525f5f8f01fe611c129b9695514d62a5ecedd72b4fb77

    • SSDEEP

      12288:q75irFtHhu86UL9z7xJAxnBWh6GDpnmRkZFr/qIy:q7q96+z7HAxBWh6GDhmRkr/q

    Score
    10/10
    darkcometpersistencerattrojan

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

      trojanratdarkcomet

    • Uses the VBS compiler for execution

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks