General

  • Target

    114613cc7601f49cd4edc6db3f86d062_JaffaCakes118

  • Size

    436KB

  • Sample

    241004-bwjaraxbnm

  • MD5

    114613cc7601f49cd4edc6db3f86d062

  • SHA1

    ed1075046b045330ca19ad795c99543bcc497693

  • SHA256

    a0ae6d87b3d8def0da447020ae71483b189efff8631d2a4793d88af78a2b68f4

  • SHA512

    6f657724426c2988bcfbc539a5a6c0667083a1b7779ee4876338abf85ba9787e1cd5bf9121ce45957d9d3af18882698ea47962a05f6f70d75a5dabcb341db551

  • SSDEEP

    12288:vu9X4vDVgdvUC7DIKOVS8ZHNfP5rySG2GR:hpgdDIdVSCXFyV

Malware Config

Extracted

  • Family

    darkcomet

  • Botnet

    Guest16_min

  • C2

    jesusiscool.no-ip.biz:1604

  • Mutex

    DCMIN_MUTEX-HFYZ7YV

Attributes
  • gencode

    DRbKkWbZBADz

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks