Overview

overview

10

Static

static

3

cdeea75da3...18.exe

windows7-x64

10

cdeea75da3...18.exe

windows10-2004-x64

10

Resubmissions

04/09/2024, 00:26

240904-aq84js1crn 10

01/09/2024, 01:09

240901-bh8ngswdjp 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    cdeea75da3a74740777978d7382ee4f6_JaffaCakes118

  • Size

    1.1MB

  • Sample

    240901-bh8ngswdjp

  • MD5

    cdeea75da3a74740777978d7382ee4f6

  • SHA1

    5808f22d1acef60e4bd74aba0b2059d462bdfc31

  • SHA256

    8637f04a19f7dba7f86b49ce3c5b4918483b5f59285688d703c49dda0b6583ae

  • SHA512

    a34391b177a0e3ce0c0e8989387f46ccbd988753fde4e30b8136d1b268dde8e1b55a55f5b040471f83b29059f59fa76155db61468a2b9fb7c971d63e9a1440a5

  • SSDEEP

    12288:xKtsdQLKWSYiN/3vGA0vVE6F1FCQ56ezLuyM1fw1ijOLqeIJb8UUQ946jr6eyxwT:xvlvEvVERNmI9p656Q9zpDoRkwYycod

Score
10/10
darkcometdiscoverypersistencerattrojan

Malware Config

Targets

    • Target

      cdeea75da3a74740777978d7382ee4f6_JaffaCakes118

    • Size

      1.1MB

    • MD5

      cdeea75da3a74740777978d7382ee4f6

    • SHA1

      5808f22d1acef60e4bd74aba0b2059d462bdfc31

    • SHA256

      8637f04a19f7dba7f86b49ce3c5b4918483b5f59285688d703c49dda0b6583ae

    • SHA512

      a34391b177a0e3ce0c0e8989387f46ccbd988753fde4e30b8136d1b268dde8e1b55a55f5b040471f83b29059f59fa76155db61468a2b9fb7c971d63e9a1440a5

    • SSDEEP

      12288:xKtsdQLKWSYiN/3vGA0vVE6F1FCQ56ezLuyM1fw1ijOLqeIJb8UUQ946jr6eyxwT:xvlvEvVERNmI9p656Q9zpDoRkwYycod

    Score
    10/10
    darkcometdiscoverypersistencerattrojan

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

      trojanratdarkcomet

    • Executes dropped EXE

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks