General

  • Target

    6b3d08408196136d53b87a35edd27aac_JaffaCakes118

  • Size

    5.3MB

  • Sample

    241022-trm29awclq

  • MD5

    6b3d08408196136d53b87a35edd27aac

  • SHA1

    80f77df6dee1b933e49236ee45130882f330a1e7

  • SHA256

    bbd03c255d076b019dc9b6c865e54c98a27043d63f846c480a8d64f51fcbed56

  • SHA512

    5a0b5b7862bb6a2f84a0478d3d516a4783510e31c25c88619c663cc5c6b0f0671288167bc0f41b10f3fefb5cb0a870689c9a1b917ad7c087dc4268dda06b6598

  • SSDEEP

    12288:bKQsiho0NfHvLIdgspHaBnlIAE2w+F0k5f3SPblHmIW8h+DsaGdACsvmsxw06k:zfx9B

Malware Config

Targets

    • Target

      6b3d08408196136d53b87a35edd27aac_JaffaCakes118

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Modifies WinLogon for persistence

      Changes the Winlogon registry key (typically the Shell or Userinit values) so the payload is started at every user logon.

    • Checks BIOS information in registry

      BIOS information is often read to detect sandbox or virtualised environments, since the BIOS strings usually name the hypervisor.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory
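The signatures above are what a sandbox reports; on a live host or in a SIEM you would look for the same behaviours in Sysmon telemetry. The script below is an added example, not the sandbox vendor's code and not derived from this sample: it replays a handful of constructed Sysmon-style events (file creates, registry value sets, process creates, image loads; field names follow Sysmon's schema, file names and SIDs are invented) and emits the matching signature for each. It correlates "Executes dropped EXE" and "Loads dropped DLL" against earlier FileCreate events rather than pattern-matching names. Note the gap: the BIOS and location-setting checks are registry reads, and Sysmon logs only key create/delete, value set and rename, so those two signatures need an API trace rather than event logs.

```python
# Added example (not the page's or the sandbox vendor's code). Replays the
# report's behavioural signatures over Sysmon-style events. All paths, SIDs
# and file names below are constructed for illustration, not IOCs.
import re
from typing import Dict, Iterable, List, Tuple

Event = Dict[str, object]
Finding = Tuple[str, str]  # (signature name, evidence)

# Winlogon values commonly abused for logon persistence, with their stock contents.
WINLOGON_RE = re.compile(
    r"\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\(Shell|Userinit)$", re.I)
WINLOGON_DEFAULTS = {
    "shell": {"explorer.exe"},
    "userinit": {"c:\\windows\\system32\\userinit.exe,"},
}
RUNKEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\", re.I)
SYSTEM32 = "c:\\windows\\system32\\"


def triage(events: Iterable[Event]) -> List[Finding]:
    """Return (signature, evidence) pairs for the persistence and dropped-file
    behaviours. Registry reads (BIOS / locale checks) never show up here:
    Sysmon has no read event, so those need an API trace instead."""
    findings: List[Finding] = []
    dropped = set()  # lower-cased paths written by monitored processes (Event 11)

    for ev in events:
        eid = ev["EventID"]
        if eid == 11:  # FileCreate
            path = str(ev["TargetFilename"]).lower()
            dropped.add(path)
            if path.startswith(SYSTEM32) and path.endswith((".exe", ".dll")):
                findings.append(("Drops file in System32 directory", str(ev["TargetFilename"])))
        elif eid == 13:  # RegistryEvent: value set
            target = str(ev["TargetObject"])
            details = str(ev.get("Details", "")).strip().lower()
            winlogon = WINLOGON_RE.search(target)
            if winlogon:
                # Only a non-default Shell/Userinit value is persistence.
                if details not in WINLOGON_DEFAULTS[winlogon.group(1).lower()]:
                    findings.append(("Modifies WinLogon for persistence",
                                     f"{target} = {ev['Details']}"))
            elif RUNKEY_RE.search(target):
                findings.append(("Adds Run key to start application",
                                 f"{target} = {ev['Details']}"))
        elif eid == 1 and str(ev["Image"]).lower() in dropped:  # ProcessCreate
            findings.append(("Executes dropped EXE", str(ev["Image"])))
        elif eid == 7 and str(ev.get("ImageLoaded", "")).lower() in dropped:  # ImageLoad
            findings.append(("Loads dropped DLL", f"{ev['Image']} -> {ev['ImageLoaded']}"))
    return findings


# Constructed sample telemetry (hypothetical names; not this sample's artefacts).
SAMPLE = r"C:\Users\victim\Desktop\sample.exe"
DROP_EXE = r"C:\Windows\System32\updater.exe"
DROP_DLL = r"C:\Windows\System32\helper.dll"
SAMPLE_EVENTS: List[Event] = [
    {"EventID": 11, "Image": SAMPLE, "TargetFilename": DROP_EXE},
    {"EventID": 11, "Image": SAMPLE, "TargetFilename": DROP_DLL},
    {"EventID": 13, "Image": SAMPLE,
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit",
     "Details": r"C:\Windows\system32\userinit.exe," + DROP_EXE},
    {"EventID": 13, "Image": SAMPLE,
     "TargetObject": r"HKU\S-1-5-21-1000\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": DROP_EXE},
    {"EventID": 1, "Image": DROP_EXE, "ParentImage": SAMPLE},
    {"EventID": 7, "Image": DROP_EXE, "ImageLoaded": DROP_DLL},
    # Benign noise that must not fire: a stock Winlogon value, an unrelated
    # Explorer setting, and a system DLL that was not dropped.
    {"EventID": 13, "Image": r"C:\Windows\System32\winlogon.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell",
     "Details": "explorer.exe"},
    {"EventID": 13, "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKU\S-1-5-21-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 7, "Image": DROP_EXE, "ImageLoaded": r"C:\Windows\System32\kernel32.dll"},
]

if __name__ == "__main__":
    for name, evidence in triage(SAMPLE_EVENTS):
        print(f"{name}: {evidence}")
```

Because the EXE/DLL rules key off the set of files seen in earlier FileCreate events, a process created from a path that was never observed being written produces no "dropped" finding; that ordering dependence is deliberate and is why the events must be fed in timestamp order.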

MITRE ATT&CK Enterprise v15
