General

  • Target

    5e97b091d9c83a66ecc69e84f9dcb43d_JaffaCakes118

  • Size

    2.5MB

  • Sample

    241019-zkhf3sxhpb

  • MD5

    5e97b091d9c83a66ecc69e84f9dcb43d

  • SHA1

    f71b7b846bf97b5502e962ba83319dd58ccd7471

  • SHA256

    eb7184a82acfe5b4fa69514cabebb4dc6f72f4fa6243c6267c284d98bda667b8

  • SHA512

    5acb2f6ad617b1ef9eb3362cce390f34976d93eb1291560e45c1e6dc17a87ffc65171dff15d914df6ab44f18dfc5c91bbf85b43a170ded5196668d96924d7a6f

  • SSDEEP

    24576:3doY1DF+ggY1gsMRIdvZ3wjjD4WJ2IRg8Dc1iCxtMPt2yTPILDwVBODr0worP0cO:Gy+gV+RjsWJ6HGPlPnBODgF57zby3Lb

Malware Config

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks