Overview

overview

10

Static

static

10

eed1c57245...18.exe

windows7-x64

10

eed1c57245...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    eed1c57245adaa013d7ccf165abaa28c_JaffaCakes118

  • Size

    648KB

  • Sample

    241214-pydpyaslb1

  • MD5

    eed1c57245adaa013d7ccf165abaa28c

  • SHA1

    4f6a9ea414292796260f069c33bee09a2d87be37

  • SHA256

    f11292d9941dd3dd980990c516c427597cf3beefc8099a6e739cd3f3039d0494

  • SHA512

    4e64d4ab025d50476d3ec0c96b978682103b0e2d52985e9a91f72cfaaf0659e431232c46319cf4d43fc647d0162a1f1e3b03a3a05b7d56feb8df080a66d438fe

  • SSDEEP

    12288:06A84PaHhfD/tV9sj5NKR0pau9XGyu2qBVGLQyTPfhp:JAmBpVKHu0Mu9Xo20VGLVP5p

Score
10/10
darkcometdiscoverypersistencerattrojan

Malware Config

Targets

    • Target

      eed1c57245adaa013d7ccf165abaa28c_JaffaCakes118

    • Size

      648KB

    • MD5

      eed1c57245adaa013d7ccf165abaa28c

    • SHA1

      4f6a9ea414292796260f069c33bee09a2d87be37

    • SHA256

      f11292d9941dd3dd980990c516c427597cf3beefc8099a6e739cd3f3039d0494

    • SHA512

      4e64d4ab025d50476d3ec0c96b978682103b0e2d52985e9a91f72cfaaf0659e431232c46319cf4d43fc647d0162a1f1e3b03a3a05b7d56feb8df080a66d438fe

    • SSDEEP

      12288:06A84PaHhfD/tV9sj5NKR0pau9XGyu2qBVGLQyTPfhp:JAmBpVKHu0Mu9Xo20VGLVP5p

    Score
    10/10
    darkcometdiscoverypersistencerattrojan

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

      trojanratdarkcomet

    • Darkcomet family

      darkcomet

    • Modifies WinLogon for persistence

      persistence

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks