General

  • Target: edd208266996315d13f856cefa16f618_JaffaCakes118
  • Size: 1.0MB
  • Sample: 241214-j1r3fsxqhm
  • MD5: edd208266996315d13f856cefa16f618
  • SHA1: 2332ed2cbf8ce901a2c60753ed865648d3bc52e4
  • SHA256: 5784171950f575de39154842ebd9d4a187647eaa5cb84a590a833b9b784f2a7a
  • SHA512: b8f5258f7517d9ab775fe80189e708555e76795b781cb7b8878bb85b4183227354a1650ddffbb599932b58e824f7e73e3b01aac0c5698c8f913cd4531abb58b8
  • SSDEEP: 24576:20oL/rruzqNu/GtCbBXieusDd/ViKVhlGN:20eRNyGtKvddKN

Targets

    • Target: edd208266996315d13f856cefa16f618_JaffaCakes118

    • Darkcomet: DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
    • Darkcomet family
    • Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
    • Executes dropped EXE
    • Loads dropped DLL
    • Suspicious use of SetThreadContext
    • UPX packed file: detects executables packed with UPX or a modified UPX open-source packer.
