General

  • Target

    7829da320b833431fb1d5d0b1a69e2be_JaffaCakes118

  • Size

    940KB

  • Sample

    240727-n84tfasaka

  • MD5

    7829da320b833431fb1d5d0b1a69e2be

  • SHA1

    bfefce3b02e7ec906d5d79823f04dcaf2002be1b

  • SHA256

    945b04833b9345fe856c5246dab7c01863e5a06016ec6b9836f6c269202149b5

  • SHA512

    900cd7f01c6d4d251ed1ea77e4498d84c07f9a48b540f9e041b16642ed985a033caa1667783f01adbb0a17a72cb46433e62bfd678fd4c296b64cdffed409a4a3

  • SSDEEP

    12288:oMYIWfFq6mgOmJbJPTLUfkF1w8fbN3+J86FMSaJ/q3NSo76ZBvu6Yoa/TBiFrO+E:oX3CkF1w8T1+J86F/uq3Mo6ZYoatE5v

Malware Config

Targets

    • Target

      7829da320b833431fb1d5d0b1a69e2be_JaffaCakes118

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely for geofencing (restricting execution to or excluding certain regions).

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks