Overview

overview

10

Static

static

3

3a0965c3dc...18.exe

windows7-x64

10

3a0965c3dc...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3a0965c3dc981b3b69a4faefb06f8d5a_JaffaCakes118

  • Size

    604KB

  • Sample

    241012-prv1msveqp

  • MD5

    3a0965c3dc981b3b69a4faefb06f8d5a

  • SHA1

    73b78a58bb6b12761b95e1e0a34fc8f2a12d6087

  • SHA256

    b7489821fb698832a52828d5f8667691ceb13d3dc5c00ed53b97a5f7bdc453e9

  • SHA512

    9e2a2db7476122c3167e2ed26c17e9817ed8186e4ca5210b58b32f8e7636d133e9d148503f05ac70530b4be022aa633925c65fd158eab6d2fb8bf5ddb4661970

  • SSDEEP

    12288:PaXHJofJsWD7nWiPnAPJa3/6iJNyTpLp/D5SLPytXvzBsOCK8x3EpWyO:y3JoREiPn56iJ2pEyPsOWUC

Score
10/10
darkcometdiscoverypersistencerattrojan

Malware Config

Targets

    • Target

      3a0965c3dc981b3b69a4faefb06f8d5a_JaffaCakes118

    • Size

      604KB

    • MD5

      3a0965c3dc981b3b69a4faefb06f8d5a

    • SHA1

      73b78a58bb6b12761b95e1e0a34fc8f2a12d6087

    • SHA256

      b7489821fb698832a52828d5f8667691ceb13d3dc5c00ed53b97a5f7bdc453e9

    • SHA512

      9e2a2db7476122c3167e2ed26c17e9817ed8186e4ca5210b58b32f8e7636d133e9d148503f05ac70530b4be022aa633925c65fd158eab6d2fb8bf5ddb4661970

    • SSDEEP

      12288:PaXHJofJsWD7nWiPnAPJa3/6iJNyTpLp/D5SLPytXvzBsOCK8x3EpWyO:y3JoREiPn56iJ2pEyPsOWUC

    Score
    10/10
    darkcometdiscoverypersistencerattrojan

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

      trojanratdarkcomet

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Drops desktop.ini file(s)

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks