Overview

overview

10

Static

static

3

bfd0430be7...18.exe

windows7-x64

10

bfd0430be7...18.exe

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    bfd0430be7febebee53ae145415dd13c_JaffaCakes118

  • Size

    270KB

  • Sample

    241203-3rzwgswlhj

  • MD5

    bfd0430be7febebee53ae145415dd13c

  • SHA1

    58852d0aa3aa4b25a1be1b614e17b9eb83f639a7

  • SHA256

    a850aa3699317251edea400d0c9d4256391e426eaee220181d51e09f78b542e2

  • SHA512

    5b465023d459d3d81cd020b3bfcc4dbb67f274542d21b1b4c48bd2b8cb1e3e8366a339be8fcd7f976a1765fea1606ebdc8d8045d354fca27381946dca4cc5f88

  • SSDEEP

    6144:blt/WszZoDkzGIf2kLh7HReIxhycXI5FYie6jVVN0:b/WKoUfXh7x6cX8Jj/N0

Score
10/10
darkcometdiscoverypersistencerattrojanupx

Malware Config

Targets

    • Target

      bfd0430be7febebee53ae145415dd13c_JaffaCakes118

    • Size

      270KB

    • MD5

      bfd0430be7febebee53ae145415dd13c

    • SHA1

      58852d0aa3aa4b25a1be1b614e17b9eb83f639a7

    • SHA256

      a850aa3699317251edea400d0c9d4256391e426eaee220181d51e09f78b542e2

    • SHA512

      5b465023d459d3d81cd020b3bfcc4dbb67f274542d21b1b4c48bd2b8cb1e3e8366a339be8fcd7f976a1765fea1606ebdc8d8045d354fca27381946dca4cc5f88

    • SSDEEP

      6144:blt/WszZoDkzGIf2kLh7HReIxhycXI5FYie6jVVN0:b/WKoUfXh7x6cX8Jj/N0

    Score
    10/10
    darkcometdiscoverypersistencerattrojanupx

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

      trojanratdarkcomet

    • Darkcomet family

      darkcomet

    • Modifies WinLogon for persistence

      persistence

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks