General

  • Target: ab73bc754edb5b16d1a9d2bffc673b68_JaffaCakes118
  • Size: 476KB
  • Sample: 241128-h3nblswlcp
  • MD5: ab73bc754edb5b16d1a9d2bffc673b68
  • SHA1: 370e6915c0aa61ead4182e7456325ab95a8101bb
  • SHA256: 8678a32bd7abdcdc905dde64afc0d670d24a7b71b75aaef709d51eacd8646605
  • SHA512: 5604e7dea214c0f795aade4ab29703a5f543506d769b4b2ccba50ea9b0bf7b9cddafbf0ffc75675d800a13d0355795b4d805947ae4636125d54d40d62066b321
  • SSDEEP: 12288:mK8Gbz+jBfameSTdtcIVsy4RxRuaB3YHDjwgU:BnOfaZSZttVsy+xHW/8

Malware Config

Targets

    • Target: CDKServ2.exe
    • Size: 659KB
    • MD5: a495d2d70488d972fd59a131057177b8
    • SHA1: 5a378bfdd0c0588a6147814a94473c7945221a43
    • SHA256: e96b4b4d335b0ef0fa83b87d278b560dbf0194a7fe30d4fefc1c8733c7769253
    • SHA512: 2406d61e68b7edcf7cb941418c9f63270e7e0241b1152b1c69576a086315cb32bf1e1718f79900d8839b648cf16868a52038e3a5488595b770dad22f521cbfc8
    • SSDEEP: 12288:59AFlAd0Z+89cxTGzO4AucTD8QP2lmFSrVs9LqnKX:/AQ6Zx9cxTmOrucTIEFSpOG6

    • Darkcomet
      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
    • Darkcomet family
    • Modifies WinLogon for persistence
    • Checks BIOS information in registry
      BIOS information is often read in order to detect sandboxing environments.
    • Checks computer location settings
      Looks up the country code configured in the registry, likely for geofencing.
    • Executes dropped EXE
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious use of SetThreadContext

    • Target: GAME_C~1.EXE
    • Size: 1.1MB
    • MD5: ab84c8e854eacdc2d48eba93d5d6bdc4
    • SHA1: a0d533922daaad25b1e425d28a4d70a2527cf72e
    • SHA256: c521a972c845a848a5f26303982028745f409a601025b6e05d604f56dfa59ddf
    • SHA512: 9bdddf857b2167f41bb6878476958bdc0ad809d986e4138165b36a10ce22268f08059044546c85887af019d4cca79040b5b612bc630cca02531afbe37164cba4
    • SSDEEP: 12288:hCbNV+AHYSbtFD+8HnniDpziqe7PbcHYSbtFD+8:h8NN4O28Hnidic4O28

    Score: 1/10

MITRE ATT&CK Enterprise v15

Tasks