General

  • Target

    5d4b872dd6c54fc6bc8e32da382b806c_JaffaCakes118

  • Size

    365KB

  • Sample

    241019-std2pashng

  • MD5

    5d4b872dd6c54fc6bc8e32da382b806c

  • SHA1

    a1628a5cc9df301226dc398a3a9c80f765926287

  • SHA256

    065a027d9dbbd96cdb740da9a315726c090fbea79d74b5d8266d865fb47168ff

  • SHA512

    a608779a765e23c0750e4abd42fc935270b3f4af90e90ea82c95301aa28e49d409a5ea538bf9ef0692d1fe2784f95ac6e2181ebc694b94316e3f6b33907beaf6

  • SSDEEP

    6144:mopNI2vQplSZkOiu9PZ/pJQkB3BzRP926aGSI9u2LlYv5TT7+rgWbh/zkCID+gKg:monvvNVRJ5lB7ymnbh/RICUl

Malware Config

Targets

    • Target

      5d4b872dd6c54fc6bc8e32da382b806c_JaffaCakes118

    • Size

      365KB

    • MD5

      5d4b872dd6c54fc6bc8e32da382b806c

    • SHA1

      a1628a5cc9df301226dc398a3a9c80f765926287

    • SHA256

      065a027d9dbbd96cdb740da9a315726c090fbea79d74b5d8266d865fb47168ff

    • SHA512

      a608779a765e23c0750e4abd42fc935270b3f4af90e90ea82c95301aa28e49d409a5ea538bf9ef0692d1fe2784f95ac6e2181ebc694b94316e3f6b33907beaf6

    • SSDEEP

      6144:mopNI2vQplSZkOiu9PZ/pJQkB3BzRP926aGSI9u2LlYv5TT7+rgWbh/zkCID+gKg:monvvNVRJ5lB7ymnbh/RICUl

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check before running the payload.

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX build.
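Two things an analyst will want to do with this report on the bench are confirm that a file in hand is the same sample (the hashes above) and check whether the "UPX packed file" signature is explained by stock UPX section names before unpacking. The script below is an added example, not part of the sandbox report or the DarkComet sample; it copies the report's MD5/SHA1/SHA256/SHA512 values, parses the PE section table with the standard library only, and flags the section names the unmodified UPX stub writes (UPX0/UPX1/UPX2). The `build_fake_pe` helper constructs a minimal, non-executable PE header stub purely so the script can run offline; it is not the sample.

```python
import hashlib
import struct
import sys

# Hash values copied from the report above for 5d4b872dd6c54fc6bc8e32da382b806c_JaffaCakes118.
REPORT_HASHES = {
    "md5": "5d4b872dd6c54fc6bc8e32da382b806c",
    "sha1": "a1628a5cc9df301226dc398a3a9c80f765926287",
    "sha256": "065a027d9dbbd96cdb740da9a315726c090fbea79d74b5d8266d865fb47168ff",
    "sha512": "a608779a765e23c0750e4abd42fc935270b3f4af90e90ea82c95301aa28e49d4"
              "09a5ea538bf9ef0692d1fe2784f95ac6e2181ebc694b94316e3f6b33907beaf6",
}

# Section names written by the stock UPX stub. A modified UPX build can rename
# them, so an absence of these names does not prove the file is unpacked.
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}


def compute_hashes(data: bytes) -> dict:
    """Compute the same digests the report lists, keyed by algorithm name."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def matches_report(data: bytes) -> bool:
    """True only if every digest in the report matches the given bytes."""
    actual = compute_hashes(data)
    return all(actual[k] == v for k, v in REPORT_HASHES.items())


def pe_section_names(data: bytes) -> list:
    """Return the raw section names from a PE file's section table."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                       # IMAGE_FILE_HEADER starts here
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size              # section table follows the optional header
    names = []
    for i in range(num_sections):
        off = table + 40 * i                  # IMAGE_SECTION_HEADER is 40 bytes
        if off + 8 > len(data):
            raise ValueError("section table truncated")
        names.append(data[off:off + 8].rstrip(b"\x00"))
    return names


def looks_upx_packed(data: bytes) -> bool:
    """Cheap first-pass check: does the section table carry stock UPX names?"""
    return bool(set(pe_section_names(data)) & UPX_SECTION_NAMES)


def build_fake_pe(section_names) -> bytes:
    """Constructed test input: a bare DOS stub, PE signature, COFF header and
    section table with the given names. It is not runnable and has no code."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\x00" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader (0 here), Characteristics
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0x0102)
    sections = b"".join(n.ljust(8, b"\x00") + b"\x00" * 32 for n in section_names)
    return dos + b"PE\x00\x00" + coff + sections


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            blob = fh.read()
    else:
        # No file given: fall back to the constructed stub so the script runs offline.
        blob = build_fake_pe([b"UPX0", b"UPX1", b".rsrc"])
    print("matches report hashes:", matches_report(blob))
    print("sections:", [n.decode("latin-1") for n in pe_section_names(blob)])
    print("stock UPX section names present:", looks_upx_packed(blob))
```

Run it as `python check_sample.py <file>` against the file you were handed; a hash mismatch means you are not looking at the reported sample, and a UPX hit should be confirmed by unpacking (`upx -d`) or by a manual unpack if the stub has been modified, since the section-name test is only a triage heuristic.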

MITRE ATT&CK Enterprise v15

Tasks