Overview

overview

10

Static

static

3

8319cdaa2d...18.exe

windows7-x64

10

8319cdaa2d...18.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    8319cdaa2d42103a0a9e5d4bf15669ba_JaffaCakes118

  • Size

    994KB

  • Sample

    240802-fhahxaxajn

  • MD5

    8319cdaa2d42103a0a9e5d4bf15669ba

  • SHA1

    4a138b472079fa7e61f68cc63d227bd811098042

  • SHA256

    f030c74b674f2370123e3ab0e749a21aa179501291941a5c298f4c1890ee580e

  • SHA512

    6e66f78ef556aa3a7f22ba7b2ffc7ae5d63a981f77d4f8bdfde2031e0cc29dcc2e65ad8bdaf1d295b1c23a2dbdd5365d78ac0e6aa1306a919366476e22c0188b

  • SSDEEP

    24576:F8Tobhrw5jdZxy4CDyH+pA0/hv2zOTglCMoDDd:Oi4B+phgoMkDd

Score
10/10
darkcometdiscoverypersistencerattrojan

Malware Config

Targets

    • Target

      8319cdaa2d42103a0a9e5d4bf15669ba_JaffaCakes118

    • Size

      994KB

    • MD5

      8319cdaa2d42103a0a9e5d4bf15669ba

    • SHA1

      4a138b472079fa7e61f68cc63d227bd811098042

    • SHA256

      f030c74b674f2370123e3ab0e749a21aa179501291941a5c298f4c1890ee580e

    • SHA512

      6e66f78ef556aa3a7f22ba7b2ffc7ae5d63a981f77d4f8bdfde2031e0cc29dcc2e65ad8bdaf1d295b1c23a2dbdd5365d78ac0e6aa1306a919366476e22c0188b

    • SSDEEP

      24576:F8Tobhrw5jdZxy4CDyH+pA0/hv2zOTglCMoDDd:Oi4B+phgoMkDd

    Score
    10/10
    darkcometdiscoverypersistencerattrojan

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

      trojanratdarkcomet

    • Executes dropped EXE

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks