Overview

overview

10

Static

static

3

3c44c0eea3...18.exe

windows7-x64

10

3c44c0eea3...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3c44c0eea3ad1902735eeb10f8088a17_JaffaCakes118

  • Size

    1.6MB

  • Sample

    241012-116z2stfkh

  • MD5

    3c44c0eea3ad1902735eeb10f8088a17

  • SHA1

    179cd5f9ed8c97ac55f16f39a3d247b42f6d79b6

  • SHA256

    f7474ff3bed232bfa8756ac5daff50ec36c992e62c1e89944308721a6b78f634

  • SHA512

    c417dcdb8a2958cad119804e24d46f88eedf77fc822b04741eda4096e2ada567e27803a33f3eacb757c59c371960a576c97907a9cd6176e21e27ac27bf80af9a

  • SSDEEP

    24576:7O+Qshyhqj80MVBXnNBSUKBlVB5wAusKMduaOYNt0WPnF9i0tFUDwcgl3g16AO09:amCq4Njd/KVBXuyHqwjJ0tT

Score
10/10
darkcometdiscoverypersistencerattrojan

Malware Config

Targets

    • Target

      3c44c0eea3ad1902735eeb10f8088a17_JaffaCakes118

    • Size

      1.6MB

    • MD5

      3c44c0eea3ad1902735eeb10f8088a17

    • SHA1

      179cd5f9ed8c97ac55f16f39a3d247b42f6d79b6

    • SHA256

      f7474ff3bed232bfa8756ac5daff50ec36c992e62c1e89944308721a6b78f634

    • SHA512

      c417dcdb8a2958cad119804e24d46f88eedf77fc822b04741eda4096e2ada567e27803a33f3eacb757c59c371960a576c97907a9cd6176e21e27ac27bf80af9a

    • SSDEEP

      24576:7O+Qshyhqj80MVBXnNBSUKBlVB5wAusKMduaOYNt0WPnF9i0tFUDwcgl3g16AO09:amCq4Njd/KVBXuyHqwjJ0tT

    Score
    10/10
    darkcometdiscoverypersistencerattrojan

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

      trojanratdarkcomet

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks