Overview

overview

10

Static

static

3

a596859097...18.exe

windows7-x64

10

a596859097...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a59685909758a4a3e67e388281687f43_JaffaCakes118

  • Size

    458KB

  • Sample

    241127-dmjw2atpfs

  • MD5

    a59685909758a4a3e67e388281687f43

  • SHA1

    d60c77cc7dc4e8e4e5e308ead18abb2a27a1fe7f

  • SHA256

    2c5fd41a76afc0355b5602433a59ab5d3f80aba675300f89ea1212c0ff176cc7

  • SHA512

    2f5f305800a1d45ca72dbd9dcf8bc05c305bf63e8391242c5bbe511ee131288ed9094be7fc9044fd3c52c2ddf5b7ace538777f372b218e32208cae332bfb48bd

  • SSDEEP

    6144:HaKMSD4YuaeKp0yN90QEhdrsKqsirHD3Tm+UMsgg1M7YM0x/Q81AKw2xEQi8ZrO/:6K3D4lamy90rc1uxMi/Q81/w2KQdZ+B

Score
10/10
darkcometdiscoverypersistencerattrojan

Malware Config

Targets

    • Target

      a59685909758a4a3e67e388281687f43_JaffaCakes118

    • Size

      458KB

    • MD5

      a59685909758a4a3e67e388281687f43

    • SHA1

      d60c77cc7dc4e8e4e5e308ead18abb2a27a1fe7f

    • SHA256

      2c5fd41a76afc0355b5602433a59ab5d3f80aba675300f89ea1212c0ff176cc7

    • SHA512

      2f5f305800a1d45ca72dbd9dcf8bc05c305bf63e8391242c5bbe511ee131288ed9094be7fc9044fd3c52c2ddf5b7ace538777f372b218e32208cae332bfb48bd

    • SSDEEP

      6144:HaKMSD4YuaeKp0yN90QEhdrsKqsirHD3Tm+UMsgg1M7YM0x/Q81AKw2xEQi8ZrO/:6K3D4lamy90rc1uxMi/Q81/w2KQdZ+B

    Score
    10/10
    darkcometdiscoverypersistencerattrojan

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

      trojanratdarkcomet

    • Darkcomet family

      darkcomet

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks