Overview

overview

10

Static

static

3

a7d36192fa...18.exe

windows7-x64

10

a7d36192fa...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a7d36192fa60ef5da7eda74fdc005fcf_JaffaCakes118

  • Size

    1.3MB

  • Sample

    241127-phrlvszlar

  • MD5

    a7d36192fa60ef5da7eda74fdc005fcf

  • SHA1

    91fe5e8362a4db0b7c57bf3ccabdecf11c44c110

  • SHA256

    6e9f429578e917fc61bf2a00f7c66d5742fa5ace0a34a6a05cd7380dba890f1a

  • SHA512

    d16a1d60b14f8502555f88e95ef49c3ab4d384d1d1472c333143430cb101a222db9ad5c6a6d1e571fd5079db3d863c8f8e7f56d42bdef3cdddd21539ab102912

  • SSDEEP

    12288:lun+lYhAKRGkxPEknV3OW/+7urXSJP5ATY9cMUftoYvhMlnW1Asnu9orv+yJn81i:lulnyAKQlmofX77a1JstbNld

Score
10/10
darkcometdiscoverypersistencerattrojan

Malware Config

Targets

    • Target

      a7d36192fa60ef5da7eda74fdc005fcf_JaffaCakes118

    • Size

      1.3MB

    • MD5

      a7d36192fa60ef5da7eda74fdc005fcf

    • SHA1

      91fe5e8362a4db0b7c57bf3ccabdecf11c44c110

    • SHA256

      6e9f429578e917fc61bf2a00f7c66d5742fa5ace0a34a6a05cd7380dba890f1a

    • SHA512

      d16a1d60b14f8502555f88e95ef49c3ab4d384d1d1472c333143430cb101a222db9ad5c6a6d1e571fd5079db3d863c8f8e7f56d42bdef3cdddd21539ab102912

    • SSDEEP

      12288:lun+lYhAKRGkxPEknV3OW/+7urXSJP5ATY9cMUftoYvhMlnW1Asnu9orv+yJn81i:lulnyAKQlmofX77a1JstbNld

    Score
    10/10
    darkcometdiscoverypersistencerattrojan

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

      trojanratdarkcomet

    • Darkcomet family

      darkcomet

    • Uses the VBS compiler for execution

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks