Overview

overview

10

Static

static

3

48077fc7cd...18.exe

windows7-x64

10

48077fc7cd...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    48077fc7cdbb7f87e0dd80696b9e5915_JaffaCakes118

  • Size

    1.2MB

  • Sample

    241015-qjcd1azhlk

  • MD5

    48077fc7cdbb7f87e0dd80696b9e5915

  • SHA1

    9c937c8865f82b193ef993c309a96cb813f54c83

  • SHA256

    138988d27839163466eff6805ca41b8ee9a159fb5038e84083f8d77ab4fcd6f5

  • SHA512

    393de570d004e6e708a4513783186e721935a9c8bb52e833da5719b8b4640fa7d3ff2756b78760bd9f0d30db1c76674b2f1696bc93d12ce413a1a9ecda0575bb

  • SSDEEP

    24576:aLUjh/FIFKRKaHYlJyouYoktDoymZJ4CJDKBwmJqQv0myVbpVoHhFCUBag4s/:KyKFUHsJt9o07YJDhmci8p+8ZS

Score
10/10
darkcometguest16discoverypersistencerattrojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

89.176.206.218:443

Mutex

DC_MUTEX-VV70UTU

Attributes
  • gencode

    sqJYz26CSTJA

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Targets

    • Target

      48077fc7cdbb7f87e0dd80696b9e5915_JaffaCakes118

    • Size

      1.2MB

    • MD5

      48077fc7cdbb7f87e0dd80696b9e5915

    • SHA1

      9c937c8865f82b193ef993c309a96cb813f54c83

    • SHA256

      138988d27839163466eff6805ca41b8ee9a159fb5038e84083f8d77ab4fcd6f5

    • SHA512

      393de570d004e6e708a4513783186e721935a9c8bb52e833da5719b8b4640fa7d3ff2756b78760bd9f0d30db1c76674b2f1696bc93d12ce413a1a9ecda0575bb

    • SSDEEP

      24576:aLUjh/FIFKRKaHYlJyouYoktDoymZJ4CJDKBwmJqQv0myVbpVoHhFCUBag4s/:KyKFUHsJt9o07YJDhmci8p+8ZS

    Score
    10/10
    darkcometguest16discoverypersistencerattrojan

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

      trojanratdarkcomet

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks