Overview

overview

10

Static

static

3

354d2ae701...18.exe

windows7-x64

10

354d2ae701...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    354d2ae7012225c00f1328c2c51576c2_JaffaCakes118

  • Size

    1.6MB

  • Sample

    241011-rxexqaxcrg

  • MD5

    354d2ae7012225c00f1328c2c51576c2

  • SHA1

    6b3612df62514f276976c1574434b6522ceb8937

  • SHA256

    b64b9397f0213f879597e8b34ed2ea6eabac2a3b64a94546083762df9ad64446

  • SHA512

    0dd01f25431a1a949a4812c5fd8a41da3f8a42b985f60b417b3b90562f7b6050ebd31e6db3059030a74144a789d2f47290855212299de60cd9d91366ee8e400c

  • SSDEEP

    24576:qofkfE7+GSHqOqhpi29tHmAOZ0pw0buHLEdWRZGCxxAz1:Hfks7c8pi27HmAOYw0buHLjZHxU

Score
10/10
darkcometdiscoverypersistencerattrojan

Malware Config

Targets

    • Target

      354d2ae7012225c00f1328c2c51576c2_JaffaCakes118

    • Size

      1.6MB

    • MD5

      354d2ae7012225c00f1328c2c51576c2

    • SHA1

      6b3612df62514f276976c1574434b6522ceb8937

    • SHA256

      b64b9397f0213f879597e8b34ed2ea6eabac2a3b64a94546083762df9ad64446

    • SHA512

      0dd01f25431a1a949a4812c5fd8a41da3f8a42b985f60b417b3b90562f7b6050ebd31e6db3059030a74144a789d2f47290855212299de60cd9d91366ee8e400c

    • SSDEEP

      24576:qofkfE7+GSHqOqhpi29tHmAOZ0pw0buHLEdWRZGCxxAz1:Hfks7c8pi27HmAOYw0buHLjZHxU

    Score
    10/10
    darkcometdiscoverypersistencerattrojan

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

      trojanratdarkcomet

    • Modifies WinLogon for persistence

      persistence

    • Executes dropped EXE

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks