General

  • Target

    5844a335e69cfc879e1e6770b4e88345_JaffaCakes118

  • Size

    672KB

  • Sample

    241018-s9jxwaxckp

  • MD5

    5844a335e69cfc879e1e6770b4e88345

  • SHA1

    49bf5dccfb9b0006ca579dc582c411a4e5a36291

  • SHA256

    ad6db1ffe6e3e26f3404afcd59bf0364ce07ec425132d15b752c870972cd5652

  • SHA512

    3f24a9df1a53a52266fe39784843380ade5b806fc8b4783ae32808bb0ed54861aa12e8abeb382985eeebf1f68c3a2ee1c5195c843cdbee4d6b8cdb7ddd47171a

  • SSDEEP

    12288:zMjWaZG+drDGBa1as8jI2CbRfWfhcZvgi3l4E+wI92/09JP6Q:xP+wBUJ/9YW4A5+wMo0e

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext