Overview

overview

10

Static

static

3

cfc90475af...18.exe

windows7-x64

10

cfc90475af...18.exe

windows10-2004-x64

5

Sharing

Copy URL
Twitter E-mail

General

  • Target

    cfc90475af80ae607376e211094ee445_JaffaCakes118

  • Size

    846KB

  • Sample

    241207-arelbswkew

  • MD5

    cfc90475af80ae607376e211094ee445

  • SHA1

    04496e446d423f34fb02a77a98de4a8c648cb7a8

  • SHA256

    0a18cd77892a80f46568432760623ee18e3c407b807063b0c2e25aca16e37aa4

  • SHA512

    7155626403c678006ae5f52b7d1566c854a847387d0177f912c0a8fd5c74458706863231f329ac243bd25ebca7765d22a946c6ad8843532515588490781f84c1

  • SSDEEP

    12288:OOfBr/G+fxNtf5sHO0fjidESYY+Pa9JG7e8AWbDeoRnRUVqRt9/DJg:5/G+dhl0rqYY+P0IFDeERUyC

Score
10/10
darkcometdiscoveryevasionrattrojan

Malware Config

Targets

    • Target

      cfc90475af80ae607376e211094ee445_JaffaCakes118

    • Size

      846KB

    • MD5

      cfc90475af80ae607376e211094ee445

    • SHA1

      04496e446d423f34fb02a77a98de4a8c648cb7a8

    • SHA256

      0a18cd77892a80f46568432760623ee18e3c407b807063b0c2e25aca16e37aa4

    • SHA512

      7155626403c678006ae5f52b7d1566c854a847387d0177f912c0a8fd5c74458706863231f329ac243bd25ebca7765d22a946c6ad8843532515588490781f84c1

    • SSDEEP

      12288:OOfBr/G+fxNtf5sHO0fjidESYY+Pa9JG7e8AWbDeoRnRUVqRt9/DJg:5/G+dhl0rqYY+P0IFDeERUyC

    Score
    10/10
    darkcometdiscoveryevasionrattrojan

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

      trojanratdarkcomet

    • Darkcomet family

      darkcomet

    • Modifies firewall policy service

      evasion

    • Disables RegEdit via registry modification

      evasion

    • Disables Task Manager via registry modification

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks