General

  • Target

    81d79aec6b1ae0890451f8f677fad3e6_JaffaCakes118

  • Size

    241KB

  • Sample

    241031-gepdbsspdn

  • MD5

    81d79aec6b1ae0890451f8f677fad3e6

  • SHA1

    57724cf76ea0bbd924d53de85481f1278f10d138

  • SHA256

    c6d17cf0f462d539125b4abb7752e9dbd891a9159e52352dd77383a9300f8297

  • SHA512

    2185094655d9ad2a5e26d5249de5fd608b6025c40fe2e108b59dfb835e770113a5e8c0ee82b3f94f774a45f787620d521d4ef5b065cbfc4bb38a50204724c2bb

  • SSDEEP

    6144:t1iJcYtR1HsvpSHY7KoSrfTNBuzZZcA1wnOLrMM4y:tkHcpSHY7VSrfT2/czO3HL

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Darkcomet family

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
