Overview

overview

10

Static

static

3

1814d0dd23...18.exe

windows7-x64

10

1814d0dd23...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1814d0dd236332062e799516bfaf7ca0_JaffaCakes118

  • Size

    872KB

  • Sample

    241006-pm4rzstemk

  • MD5

    1814d0dd236332062e799516bfaf7ca0

  • SHA1

    2a649cb42c76001ff9ff7a6e4a26863ea206039a

  • SHA256

    417e9c969575785680a6146a6f8c302d454304d24b8e8d43c8c621d56f79c22f

  • SHA512

    30213fcd373e64abe7c3cb45a44273e78f32cc3f85abfc47b928f2a1754288ee9757a96028e7d0dacaac3f6708f544bf0ac6f9a3ba5440d212a52168f4d2a464

  • SSDEEP

    12288:GqHUvn8c7YwP+5Omwe5aqe3RaLuIelZ89nQfwZ9XG4Oem5YAVS8qi4QtKGL6:GbTYT5uqe3RaYJwDW1eh3drGL6

Score
10/10
darkcometvantomhelldiscoverypersistencerattrojan

Malware Config

Extracted

Family

darkcomet

Botnet

VantomHell

C2

skynet3310.zapto.org:1604

Mutex

DC_MUTEX-E0XQU97

Attributes
  • gencode

    ER6pH0mCp3uT

  • install

    false

  • offline_keylogger

    true

  • password

    webland3310

  • persistence

    false

Targets

    • Target

      1814d0dd236332062e799516bfaf7ca0_JaffaCakes118

    • Size

      872KB

    • MD5

      1814d0dd236332062e799516bfaf7ca0

    • SHA1

      2a649cb42c76001ff9ff7a6e4a26863ea206039a

    • SHA256

      417e9c969575785680a6146a6f8c302d454304d24b8e8d43c8c621d56f79c22f

    • SHA512

      30213fcd373e64abe7c3cb45a44273e78f32cc3f85abfc47b928f2a1754288ee9757a96028e7d0dacaac3f6708f544bf0ac6f9a3ba5440d212a52168f4d2a464

    • SSDEEP

      12288:GqHUvn8c7YwP+5Omwe5aqe3RaLuIelZ89nQfwZ9XG4Oem5YAVS8qi4QtKGL6:GbTYT5uqe3RaYJwDW1eh3drGL6

    Score
    10/10
    darkcometvantomhelldiscoverypersistencerattrojan

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

      trojanratdarkcomet

    • Drops startup file

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks