General

  • Target

    190b3fc31235c2c08d6fb2b3a276120a_JaffaCakes118

  • Size

    672KB

  • Sample

    241006-v7vmpszhrb

  • MD5

    190b3fc31235c2c08d6fb2b3a276120a

  • SHA1

    dcc5e853b10b11653bb79ffdb51806d5da4d849a

  • SHA256

    692687f713bfc84fd88c7d0ea01b880cb9e4946d371fb643f291bc2e37c00227

  • SHA512

    f2b77c36824a31d4ed75186493bc5acc0097901220b98865beb04206d3cabdb325b2167ab6c179076f7a78a4ca7a5428b6e5c0acdb2b23346feb3192a1602e8e

  • SSDEEP

    12288:64shhbtI/go2ULVYKEjLEAKHfgYAw+FqTArGGYlHf02mKa:64shltdo2URB1/vTaGnHcv

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
