General

  • Target

    4cb976a25ed5428c57157d63b61a7838_JaffaCakes118

  • Size

    344KB

  • Sample

    241016-n5f8zaxhqa

  • MD5

    4cb976a25ed5428c57157d63b61a7838

  • SHA1

    645cdc5b079ca7a5312edb8974b202c7cfd18813

  • SHA256

    9cb32a863e5dfebc3bbfef1b82d505321e2b381eddc114172a5c6bbcab6bddd9

  • SHA512

    c416be8724e53b5a3a3e8fe9c50519b6d685f5185fa273cecc9970b3cb1a3939c8e2662e21b514780e681538a582b91f75ea195cfd9d2c4583c37acd9997f3e1

  • SSDEEP

    6144:kjJtF12Wv4hE1Z1CuSzSbyg6/w/+GYcWU2E1bAevKjuRgdj:kltFwOhCuLnOkWUd1bAevTW
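As an added triage aid (not part of the sandbox report and not code from the malware author), the following Python recomputes the digests listed above from a file on disk, compares them with the reported values, and inspects the PE section table for the UPX0/UPX1 section names and the "UPX!" marker that the UPX packed file signature below refers to. The hash constants are copied from this report; make_fake_pe() builds constructed test data for the parser and is not the sample.

```python
"""Hash verification and UPX-marker check for a downloaded sample.
Added example: hash constants come from the report, everything else is
illustrative and assumes only the standard library."""
import hashlib
import struct
import sys

# Digests copied from this report; they describe the packed container on disk.
REPORTED = {
    "md5": "4cb976a25ed5428c57157d63b61a7838",
    "sha1": "645cdc5b079ca7a5312edb8974b202c7cfd18813",
    "sha256": "9cb32a863e5dfebc3bbfef1b82d505321e2b381eddc114172a5c6bbcab6bddd9",
    "sha512": "c416be8724e53b5a3a3e8fe9c50519b6d685f5185fa273cecc9970b3cb1a3939"
              "c8e2662e21b514780e681538a582b91f75ea195cfd9d2c4583c37acd9997f3e1",
}


def digests(data: bytes) -> dict:
    """Return the digest set the report uses, computed over the raw bytes."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def matches_report(data: bytes, expected: dict = REPORTED) -> bool:
    """True only if every digest listed in `expected` agrees with the bytes."""
    got = digests(data)
    return all(got[k] == v.lower() for k, v in expected.items())


def pe_section_names(data: bytes) -> list:
    """Walk the COFF section table of a PE image; returns [] if not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    coff = e_lfanew + 4                      # 20-byte COFF file header
    if coff + 20 > len(data):
        return []
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size             # section headers, 40 bytes each
    names = []
    for i in range(num_sections):
        off = table + 40 * i
        if off + 40 > len(data):
            break
        names.append(data[off:off + 8].rstrip(b"\0").decode("ascii", "replace"))
    return names


def looks_upx_packed(data: bytes) -> bool:
    """Stock and lightly modified UPX keep UPX* section names and a 'UPX!' tag.
    A stub with renamed sections still usually carries the tag, so both count,
    but only for something that parses as a PE at all."""
    names = pe_section_names(data)
    if not names:
        return False
    return any(n.upper().startswith("UPX") for n in names) or b"UPX!" in data


def make_fake_pe(section_names) -> bytes:
    """Constructed minimal PE (DOS header + COFF header + section table only)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)   # e_lfanew points right after the DOS header
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0x102)
    sections = b"".join(n.encode("ascii").ljust(8, b"\0") + b"\0" * 32
                        for n in section_names)
    return bytes(dos) + b"PE\0\0" + coff + sections


def triage_file(path: str) -> dict:
    """Read a file from disk and summarise all three checks for it."""
    with open(path, "rb") as fh:
        data = fh.read()
    return {
        "matches_report": matches_report(data),
        "sections": pe_section_names(data),
        "upx": looks_upx_packed(data),
    }


if __name__ == "__main__":
    print(triage_file(sys.argv[1]))
```

Run it as "python triage.py sample.bin"; a False under matches_report means the file you hold is not the one this report describes (a different build, a re-packed copy or a corrupted download), and nothing else on the page can be assumed to apply to it.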

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur. The family match means the sample's code or embedded configuration triggered the sandbox's DarkComet rule, so the signatures that follow should be read as one RAT installation chain rather than as unrelated findings.

    • Modifies WinLogon for persistence

      The sample writes under the Winlogon key (HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon). Programs listed in its Userinit and Shell values are started by winlogon.exe at every interactive logon, before the user's own startup items. On an affected host compare those values against the stock defaults (userinit.exe and explorer.exe) instead of trusting the name of whatever has been appended.

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments. The usual source is HKLM\HARDWARE\DESCRIPTION\System (SystemBiosVersion, VideoBiosVersion); virtualisation vendor strings there lead some samples to exit before exposing their payload, so a run that ends early may be evasion rather than a crash.

    • Adds Run key to start application

      A value under Software\Microsoft\Windows\CurrentVersion\Run (HKCU or HKLM) relaunches the sample at logon. This is a second persistence mechanism alongside the Winlogon change; remediation must remove both, or the surviving one reinstalls the other.

    • Suspicious use of SetThreadContext

      Calling SetThreadContext on a thread of another process, together with a child created suspended and WriteProcessMemory, is the process hollowing (RunPE) pattern used to run an unpacked payload inside a legitimate-looking process. The decoded RAT is therefore found in the memory of the hollowed child, not in the file on disk.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer. Because the rule also matches modified stubs, "upx -d" may refuse the file; the hashes above describe the packed container, so hash or YARA matching against the unpacked image needs a separate memory or unpacker dump.
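The two persistence signatures above can be checked offline with the following Python, an added example that is neither sandbox output nor the malware's code. It audits a registry snapshot held in a plain dict (on a live host fill it from "reg export" or the winreg module), flagging programs appended to the Winlogon Userinit and Shell values beyond the stock defaults, and Run entries that point into user-writable directories. The snapshot is constructed test data; its path names are invented and not taken from the sample.

```python
"""Offline audit of the Winlogon and Run-key persistence this report flags.
Added example; the registry snapshot is constructed, not data from the sample."""
import re

WINLOGON = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
RUN_KEYS = (
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
)
# Stock values on a clean Windows install; anything appended is suspect.
WINLOGON_DEFAULTS = {
    "Userinit": [r"c:\windows\system32\userinit.exe"],
    "Shell": ["explorer.exe"],
}
# Directories a user-level dropper can write to without elevation.
USER_WRITABLE = re.compile(r"\\(appdata|temp|tmp|programdata|users\\public)\\", re.I)


def _split_cmds(value: str) -> list:
    """Winlogon values are comma separated lists of programs."""
    return [p.strip().strip('"').lower() for p in value.split(",") if p.strip()]


def check_winlogon(snapshot: dict) -> list:
    """Report every program in Userinit/Shell that is not a stock default."""
    findings = []
    for name, defaults in WINLOGON_DEFAULTS.items():
        value = snapshot.get(WINLOGON, {}).get(name)
        if value is None:
            continue
        for prog in _split_cmds(value):
            if prog not in defaults:
                findings.append(f"Winlogon\\{name} launches extra program: {prog}")
    return findings


def check_run_keys(snapshot: dict) -> list:
    """Report Run entries whose command lives in a user-writable location."""
    findings = []
    for key in RUN_KEYS:
        for name, cmd in snapshot.get(key, {}).items():
            if USER_WRITABLE.search(cmd):
                findings.append(f"{key}\\{name} points into a user-writable path: {cmd}")
    return findings


def audit(snapshot: dict) -> list:
    return check_winlogon(snapshot) + check_run_keys(snapshot)


# Constructed snapshot: a Userinit appended with a dropper and a matching Run entry.
SAMPLE_SNAPSHOT = {
    WINLOGON: {
        "Userinit": r"C:\Windows\system32\userinit.exe,C:\Users\user\AppData\Roaming\updater\update.exe",
        "Shell": "explorer.exe",
    },
    RUN_KEYS[1]: {
        "OneDrive": r"C:\Program Files\Microsoft OneDrive\OneDrive.exe /background",
        "Updater": r"C:\Users\user\AppData\Roaming\updater\update.exe",
    },
}

if __name__ == "__main__":
    for line in audit(SAMPLE_SNAPSHOT):
        print(line)
```

Both findings point at the same executable, which is the pattern to expect from this report: the Winlogon entry and the Run key are two roads to one dropped file, and the file path they share is what to carve and hash next. Legitimate software occasionally appends to Userinit or Shell (some remote-desktop and management agents do), so treat a finding as a lead to verify against the host's software inventory rather than as a verdict.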

MITRE ATT&CK Enterprise v15