General

  • Target

    410396770d75a0aeec4c2ca6e26567b9_JaffaCakes118

  • Size

    748KB

  • Sample

    241013-vfkcna1gqk

  • MD5

    410396770d75a0aeec4c2ca6e26567b9

  • SHA1

    5db1de8df5af4624821870553a85efa6fe0e951b

  • SHA256

    de53afd9c9466ad326fb94a68f5a2ce7326ff0914107f8bd6a250232f52192f4

  • SHA512

    191435329253d0d0478834e27e79d6d79ea0ffa21f774cf20b1a4af28081c7360a077fc2f43759ffa469ed28cf10ddf53972740141e86323c736f827c9a9b03c

  • SSDEEP

    12288:b1dlZo5yOKaGjw5L+0U+Iitz742kg6Sw2g0cJN+bYEQXimPUS9f9ahFw/E9QWvr:b1dlZo5ENjwVzUDuz74Y6t0iy6US9f9m

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofencing check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext
