General

  • Target

    6511cd8bacf71785e3acb41bf81b2d76_JaffaCakes118

  • Size

    253KB

  • Sample

    241021-bttnps1gnf

  • MD5

    6511cd8bacf71785e3acb41bf81b2d76

  • SHA1

    2ea28262840ded42cc8ca168ef0d1858f46c15e4

  • SHA256

    727737a5f5d2364f5d739ab5ce48a89ee42dfa4f41e79483828e0c5b211e67c7

  • SHA512

    30560122175a2750be5c176e4dd224d45a0181c2c8008c949bf3958606a61372b53f1672b0f7bd5de14939ab80743580fb5f7aed723d37e47d4d2a3506f094d9

  • SSDEEP

    6144:rXGG//mXUw3dCddX0jr3CVPcPEmkzw6B6Fd++b71OKu7cL5:rXGi/2UwNsQOVP4biMFdn9qcL5

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Modifies WinLogon for persistence

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Adds Run key to start application

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.
