General

  • Target

    a05a3eb0154e2c75e8b7d61bd1e297f1_JaffaCakes118

  • Size

    400KB

  • Sample

    241126-haj4gsyqat

  • MD5

    a05a3eb0154e2c75e8b7d61bd1e297f1

  • SHA1

    399822b706caaf75baaefd9a5a1566bfa3b7a5d9

  • SHA256

    62ed0e1554cc04a25432641caae3c01dd42cbdebde6d3de39814396be1ed2e68

  • SHA512

    03c194c71eb14bde241f03a3040a700e3f736fe866552acc3fbfa7c92f3b0811af71a1beda7dea46d347c6d62fa0bf799c860c26b6d6fb1ea5423da77d8e6f38

  • SSDEEP

    6144:0peyHHFGMNqRzWbtHMsT+GRVYHj6ezImhds3D9nVW5GJZ2tNYLj8MfsNMAit+:ee2lGMkRzWhnJYDRnzKBVzYKj86sy+

Malware Config

Targets

    • Target

      a05a3eb0154e2c75e8b7d61bd1e297f1_JaffaCakes118

    • Size

      400KB

    • MD5

      a05a3eb0154e2c75e8b7d61bd1e297f1

    • SHA1

      399822b706caaf75baaefd9a5a1566bfa3b7a5d9

    • SHA256

      62ed0e1554cc04a25432641caae3c01dd42cbdebde6d3de39814396be1ed2e68

    • SHA512

      03c194c71eb14bde241f03a3040a700e3f736fe866552acc3fbfa7c92f3b0811af71a1beda7dea46d347c6d62fa0bf799c860c26b6d6fb1ea5423da77d8e6f38

    • SSDEEP

      6144:0peyHHFGMNqRzWbtHMsT+GRVYHj6ezImhds3D9nVW5GJZ2tNYLj8MfsNMAit+:ee2lGMkRzWhnJYDRnzKBVzYKj86sy+

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Darkcomet family

    • Checks BIOS information in registry

      BIOS strings such as the SystemBiosVersion and VideoBiosVersion values under HKLM\HARDWARE\DESCRIPTION\System are often read to look for virtualization vendor names (VirtualBox, VMware, QEMU) and so detect a sandbox or analysis VM. The signature fires on the lookup itself, so it records that the sample queried the keys, not what it did with the answer.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR (the first 512-byte sector of the boot disk, reached through a raw device handle such as \\.\PhysicalDrive0) to gain persistence at a level below the operating system. The same raw write is also what a wiper does when it overwrites the MBR to leave the machine unbootable, so a hit on this signature calls for inspecting the written sector rather than assuming a bootkit.

    • Suspicious use of SetThreadContext

      SetThreadContext aimed at a thread in another process is the step of process hollowing (RunPE) that redirects a suspended host process's main thread to an injected image; RAT stubs commonly use it to run the payload inside a legitimate-looking process.
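The three generic signatures above describe behaviours a sandbox recognises in the sample's API trace. The Python below is an added example, not Triage's signature engine and not this sample's real trace: it re-implements the three checks, plus the fuller process-hollowing chain that a remote SetThreadContext usually belongs to, over a constructed and simplified API log. The event layout (pid, api, args, target_pid, child_pid) is an assumption of this example.

```python
"""Toy re-implementation of the generic behavioural signatures in this report,
run over a constructed API-call trace. Added example; not Triage's signature
code and not a trace recorded from this sample."""
import re
from typing import Dict, List

CREATE_SUSPENDED = 0x4          # CreateProcess dwCreationFlags bit
MBR_SIZE = 512                  # the MBR is sector 0 of the boot disk

# Constructed trace (assumed layout): pid 1000 is the sample, pid 2000 a child it spawns.
TRACE: List[Dict] = [
    {"pid": 1000, "api": "RegOpenKeyExW",
     "args": {"key": r"HKLM\HARDWARE\DESCRIPTION\System"}},
    {"pid": 1000, "api": "RegQueryValueExW",
     "args": {"key": r"HKLM\HARDWARE\DESCRIPTION\System",
              "value": "SystemBiosVersion"}},
    {"pid": 1000, "api": "CreateProcessW",
     "args": {"path": r"C:\Windows\System32\svchost.exe",
              "flags": CREATE_SUSPENDED, "child_pid": 2000}},
    {"pid": 1000, "api": "NtWriteVirtualMemory",
     "args": {"target_pid": 2000, "size": 0x61000}},
    {"pid": 1000, "api": "NtSetContextThread", "args": {"target_pid": 2000}},
    {"pid": 1000, "api": "NtResumeThread", "args": {"target_pid": 2000}},
    {"pid": 1000, "api": "NtCreateFile",
     "args": {"path": r"\??\PhysicalDrive0", "access": "GENERIC_WRITE"}},
    {"pid": 1000, "api": "NtWriteFile",
     "args": {"path": r"\??\PhysicalDrive0", "offset": 0, "length": 512}},
]

# Registry key holding the BIOS description strings a VM check reads.
BIOS_KEY_RE = re.compile(r"\\HARDWARE\\DESCRIPTION\\System(\\|$)", re.I)
# Raw disk device in either Win32 (\\.\PhysicalDriveN) or NT (\??\PhysicalDriveN) form.
RAW_DISK_RE = re.compile(r"^(\\\\\.\\|\\\?\?\\)PhysicalDrive\d+$", re.I)


def sig_checks_bios_registry(trace: List[Dict]) -> bool:
    """Any registry API touching the BIOS description key."""
    return any(ev["api"].startswith("Reg")
               and BIOS_KEY_RE.search(ev["args"].get("key", ""))
               for ev in trace)


def sig_writes_mbr(trace: List[Dict]) -> bool:
    """Raw write landing inside sector 0 of a physical drive. A wiper that
    zeroes the MBR matches too, so a hit alone does not prove a bootkit."""
    for ev in trace:
        if (ev["api"] in ("NtWriteFile", "WriteFile")
                and RAW_DISK_RE.match(ev["args"].get("path", ""))
                and ev["args"].get("offset", MBR_SIZE) < MBR_SIZE):
            return True
    return False


def sig_suspicious_setthreadcontext(trace: List[Dict]) -> bool:
    """SetThreadContext aimed at a thread owned by a different process."""
    return any(ev["api"] in ("NtSetContextThread", "SetThreadContext")
               and ev["args"].get("target_pid") not in (None, ev["pid"])
               for ev in trace)


def sig_process_hollowing(trace: List[Dict]) -> bool:
    """Full RunPE chain against one CREATE_SUSPENDED child, in order:
    memory written into it, its thread context replaced, then resumed."""
    suspended = {ev["args"]["child_pid"] for ev in trace
                 if ev["api"] == "CreateProcessW"
                 and ev["args"].get("flags", 0) & CREATE_SUSPENDED}
    want = ["NtWriteVirtualMemory", "NtSetContextThread", "NtResumeThread"]
    for pid in suspended:
        seen = iter(ev["api"] for ev in trace
                    if ev["args"].get("target_pid") == pid)
        # subsequence test: each wanted step must appear after the previous one
        if all(step in seen for step in want):
            return True
    return False


SIGNATURES = {
    "Checks BIOS information in registry": sig_checks_bios_registry,
    "Writes to the Master Boot Record (MBR)": sig_writes_mbr,
    "Suspicious use of SetThreadContext": sig_suspicious_setthreadcontext,
    "Process hollowing chain": sig_process_hollowing,
}


def run_signatures(trace: List[Dict]) -> List[str]:
    """Names of all signatures that match the trace, in table order."""
    return [name for name, fn in SIGNATURES.items() if fn(trace)]


if __name__ == "__main__":
    for name in run_signatures(TRACE):
        print("HIT:", name)
```

Note the asymmetry the two caveats in the signature descriptions point at: the BIOS and MBR rules fire on a single API call and say nothing about intent, whereas the hollowing rule only fires when the whole write, set-context, resume sequence targets one suspended child, which is why a remote SetThreadContext on its own is reported as merely "suspicious".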

MITRE ATT&CK Enterprise v15

Tasks