Overview

overview

10

Static

static

3

b82414e14d...18.exe

windows7-x64

10

b82414e14d...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b82414e14db15173d1145fbb77e1aaad_JaffaCakes118

  • Size

    711KB

  • Sample

    241202-m4d7js1pgx

  • MD5

    b82414e14db15173d1145fbb77e1aaad

  • SHA1

    4cafd82aa1c3f43841f58adeb357e857b57d51b7

  • SHA256

    d8b86515c6bfd01b6182e0485080e87dd0e8e7c9fa14e8b77fd0d52a299d3a49

  • SHA512

    4baff641fd74129d3467b63a486029f0f1ceed7834318e47a018d4a97754da719016d09da74759b127be93eb2aad3d9c20c9b8fb78f366c17738bce747f52ccd

  • SSDEEP

    12288:FkEl2g0uimpMomUfOm/k02fZGY0i/k/REbIpdlRI7CeePYdqaus5:hhLS7m/n2fj4CI5RIpqaB

Score
10/10
darkcometdiscoverypersistencerattrojan

Malware Config

Targets

    • Target

      b82414e14db15173d1145fbb77e1aaad_JaffaCakes118

    • Size

      711KB

    • MD5

      b82414e14db15173d1145fbb77e1aaad

    • SHA1

      4cafd82aa1c3f43841f58adeb357e857b57d51b7

    • SHA256

      d8b86515c6bfd01b6182e0485080e87dd0e8e7c9fa14e8b77fd0d52a299d3a49

    • SHA512

      4baff641fd74129d3467b63a486029f0f1ceed7834318e47a018d4a97754da719016d09da74759b127be93eb2aad3d9c20c9b8fb78f366c17738bce747f52ccd

    • SSDEEP

      12288:FkEl2g0uimpMomUfOm/k02fZGY0i/k/REbIpdlRI7CeePYdqaus5:hhLS7m/n2fj4CI5RIpqaB

    Score
    10/10
    darkcometdiscoverypersistencerattrojan

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

      trojanratdarkcomet

    • Darkcomet family

      darkcomet

    • Modifies WinLogon for persistence

      persistence

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks