General

  • Target

    f08fc211cf36e9c208f2cad5ede21d3a_JaffaCakes118

  • Size

    1.2MB

  • Sample

    241214-zapgmstkey

  • MD5

    f08fc211cf36e9c208f2cad5ede21d3a

  • SHA1

    ef4a55a144149190d96fb3cbad17b1b558fda025

  • SHA256

    566f253412379e3b506b9140357109128b4fbda71bebcdcefdf479b1215a7647

  • SHA512

    a984a3a58512ef16ab42bdc8d1f97003da459300f5826a1de07cf99c07118ea387bde72c386785fabad0d279a5d74c71235b0be55573a18db750eb87211fd7af

  • SSDEEP

    24576:+ICEgHEFDPPBMQSzIp4CQOHcLLxzLc9Qi/Qtv4jNAM8cAFhVlrYzv5/kxIq47:mIM7OmzLc9zQ+jCJZDlrYd/kOq47

Malware Config

Extracted

  • Family

    darkcomet

  • Botnet

    Were all gonna miss you.

  • C2

    thepwnman.no-ip.biz:3131

  • Mutex

    Goodbye DC </3

Attributes

  • gencode

    JY7xRluxnMpG

  • install

    false

  • offline_keylogger

    false

  • persistence

    false

Targets

    • Target

      f08fc211cf36e9c208f2cad5ede21d3a_JaffaCakes118

    • Size

      1.2MB

    • MD5

      f08fc211cf36e9c208f2cad5ede21d3a

    • SHA1

      ef4a55a144149190d96fb3cbad17b1b558fda025

    • SHA256

      566f253412379e3b506b9140357109128b4fbda71bebcdcefdf479b1215a7647

    • SHA512

      a984a3a58512ef16ab42bdc8d1f97003da459300f5826a1de07cf99c07118ea387bde72c386785fabad0d279a5d74c71235b0be55573a18db750eb87211fd7af

    • SSDEEP

      24576:+ICEgHEFDPPBMQSzIp4CQOHcLLxzLc9Qi/Qtv4jNAM8cAFhVlrYzv5/kxIq47:mIM7OmzLc9zQ+jCJZDlrYd/kOq47

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Darkcomet family

    • Checks computer location settings

      Looks up the country code configured in the registry; likely a geofencing check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Drops desktop.ini file(s)

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks