Overview

overview

10

Static

static

3

6c30154d19...18.exe

windows7-x64

10

6c30154d19...18.exe

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6c30154d198062b85cbe273d0fcbc756_JaffaCakes118

  • Size

    283KB

  • Sample

    241022-2l6w6sxgnd

  • MD5

    6c30154d198062b85cbe273d0fcbc756

  • SHA1

    1b50f373d4d6eff1202525bd10efbce2c7b2ad89

  • SHA256

    cd01729a35abf54bc7a83c198eb39cf6c346293d5cce2ba110d2356d8f22b791

  • SHA512

    7a1037cb08389e242ec6d18897d7940e67519d1a8abacb6ecc0cbee9a0844516840a881431b8c403a91f14c8435e67552505b5c9aadef89c17abebec0cb51a8c

  • SSDEEP

    6144:wZoQSpS+QlpbBISPiW0+NMhZeM0tOrxrRguAoQPeMxmNY:+1J+QlpN30dDrbgdE+

Score
10/10
darkcometdiscoverypersistencerattrojanupx

Malware Config

Targets

    • Target

      6c30154d198062b85cbe273d0fcbc756_JaffaCakes118

    • Size

      283KB

    • MD5

      6c30154d198062b85cbe273d0fcbc756

    • SHA1

      1b50f373d4d6eff1202525bd10efbce2c7b2ad89

    • SHA256

      cd01729a35abf54bc7a83c198eb39cf6c346293d5cce2ba110d2356d8f22b791

    • SHA512

      7a1037cb08389e242ec6d18897d7940e67519d1a8abacb6ecc0cbee9a0844516840a881431b8c403a91f14c8435e67552505b5c9aadef89c17abebec0cb51a8c

    • SSDEEP

      6144:wZoQSpS+QlpbBISPiW0+NMhZeM0tOrxrRguAoQPeMxmNY:+1J+QlpN30dDrbgdE+

    Score
    10/10
    darkcometdiscoverypersistencerattrojanupx

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

      trojanratdarkcomet

    • Modifies WinLogon for persistence

      persistence

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks