Overview

overview

10

Static

static

3

f9fdd0d68d...18.exe

windows7-x64

10

f9fdd0d68d...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f9fdd0d68dc69aabb134e1821171de5f_JaffaCakes118

  • Size

    1.1MB

  • Sample

    241218-egkf2stkhl

  • MD5

    f9fdd0d68dc69aabb134e1821171de5f

  • SHA1

    727a86e1c524f0525539fbf70c22e7e9873de24a

  • SHA256

    1513469d47432259a0f44fa5279c294cb020eb41bd90dc2e7044d6ecb0845729

  • SHA512

    f90b67febe72caaae8f6a6fa994c689ff27eca0137aedd7cce4d754ad2023e92d6d28dc13a618322a112cc49924f82aee02da9fc5fff572bc6775f5f29ce14ad

  • SSDEEP

    12288:f/Bv17kMLTTTdfIX1y6hgpcKiaqb7MybKbeLSVNIYntkypxCJfFSzk+wDvCXP56a:ddshJMXiJo7jWy8a1VXiNhbnQ+

Score
10/10
darkcometdiscoverypersistencerattrojan

Malware Config

Targets

    • Target

      f9fdd0d68dc69aabb134e1821171de5f_JaffaCakes118

    • Size

      1.1MB

    • MD5

      f9fdd0d68dc69aabb134e1821171de5f

    • SHA1

      727a86e1c524f0525539fbf70c22e7e9873de24a

    • SHA256

      1513469d47432259a0f44fa5279c294cb020eb41bd90dc2e7044d6ecb0845729

    • SHA512

      f90b67febe72caaae8f6a6fa994c689ff27eca0137aedd7cce4d754ad2023e92d6d28dc13a618322a112cc49924f82aee02da9fc5fff572bc6775f5f29ce14ad

    • SSDEEP

      12288:f/Bv17kMLTTTdfIX1y6hgpcKiaqb7MybKbeLSVNIYntkypxCJfFSzk+wDvCXP56a:ddshJMXiJo7jWy8a1VXiNhbnQ+

    Score
    10/10
    darkcometdiscoverypersistencerattrojan

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

      trojanratdarkcomet

    • Darkcomet family

      darkcomet

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks