General

  • Target

    5c9c834509ad0fb0e8e072be7978228d_JaffaCakes118

  • Size

    648KB

  • Sample

    240719-tbhslasckg

  • MD5

    5c9c834509ad0fb0e8e072be7978228d

  • SHA1

    1f834492f9169141d02787b86d8113fdf7f9eaf1

  • SHA256

    f3f654713de9f8a91e13ea6ab851ab3240c9d22e916fd967ca3fdc59cf3476e9

  • SHA512

    caa8dc142894dda4bb69de7a55c546499d31c751096ce449a00cc66ec15dde14a6659c6e73648308ca39e03f98d803e97e38477be1d58680708e4982d4684d35

  • SSDEEP

    12288:06A84PaHhfD/tV9sj5NKR0pau9XGyu2qBVGLQyTPfhi:JAmBpVKHu0Mu9Xo20VGLVP5i

Malware Config

Targets


    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Modifies WinLogon for persistence

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks