Overview

overview

10

Static

static

10

4172f0aa20...18.exe

windows7-x64

10

4172f0aa20...18.exe

windows10-2004-x64

10

Resubmissions

13/10/2024, 18:45

241013-xefdessaqd 10

13/10/2024, 18:44

241013-xdny6swfnq 10

13/10/2024, 18:39

241013-xa1tkawelp 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4172f0aa201c6f3ca946333239309ccb_JaffaCakes118

  • Size

    658KB

  • Sample

    241013-xa1tkawelp

  • MD5

    4172f0aa201c6f3ca946333239309ccb

  • SHA1

    355f370fa69fbe523486a75b9ae93afa16495c97

  • SHA256

    000154d8c595788dbb62f90ae6c5e70e2e3d0858bde5d31b90c26c6107a49fa0

  • SHA512

    424c99bdc3e050734c3d1ec56dd6ebd9a805145c65c4a2012ed3f95878539e396994677a60bded47dc9b1bb18bdcc7dae0c19bab5467ccfcab14a8966c78ce41

  • SSDEEP

    12288:B9AFlAd0Z+89cxTGzO4AucTD8QP2lmFSrVs9LqnKH:3AQ6Zx9cxTmOrucTIEFSpOGm

Score
10/10
darkcometdiscoveryevasionrattrojan

Malware Config

Targets

    • Target

      4172f0aa201c6f3ca946333239309ccb_JaffaCakes118

    • Size

      658KB

    • MD5

      4172f0aa201c6f3ca946333239309ccb

    • SHA1

      355f370fa69fbe523486a75b9ae93afa16495c97

    • SHA256

      000154d8c595788dbb62f90ae6c5e70e2e3d0858bde5d31b90c26c6107a49fa0

    • SHA512

      424c99bdc3e050734c3d1ec56dd6ebd9a805145c65c4a2012ed3f95878539e396994677a60bded47dc9b1bb18bdcc7dae0c19bab5467ccfcab14a8966c78ce41

    • SSDEEP

      12288:B9AFlAd0Z+89cxTGzO4AucTD8QP2lmFSrVs9LqnKH:3AQ6Zx9cxTmOrucTIEFSpOGm

    Score
    10/10
    darkcometdiscoveryevasionrattrojan

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

      trojanratdarkcomet

    • Windows security bypass

      evasiontrojan

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Windows security modification

      evasiontrojan

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks