Overview

overview

10

Static

static

3

JaffaCakes...30.exe

windows7-x64

10

JaffaCakes...30.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_6af302837f6b3629440664ad4eaffb30

  • Size

    885KB

  • Sample

    250103-htlfnatlex

  • MD5

    6af302837f6b3629440664ad4eaffb30

  • SHA1

    08fd81dccace3c22da738c4c23c11291b4408c91

  • SHA256

    adc22749c5d4547c94a7e5ac9d4d10a1dceb232469caa6ddd1bac4afc92699d2

  • SHA512

    892a1865ccd8b090fc10df81e3844507ce1b7e579d23441ed108cf3bae53ac428894e381a22d72419516e9b5b3d72c6d1569d4ec1bb3f8f759902f2a1d984e8f

  • SSDEEP

    24576:IgOCK33kZnEvq3Rh4P1998MmYEaucKwlyHn8M1Hp:dOhnmZWU/wOLHp

Score
10/10
darkcometyahoo1discoverypersistencerattrojan

Malware Config

Extracted

Family

darkcomet

Botnet

Yahoo1

C2

noonon.zapto.org:1244

hgohos.zapto.org:9531
Mutex

DC_MUTEX-DQRNTQX

Attributes
  • gencode

    RdFkfe7MWLin

  • install

    false

  • offline_keylogger

    false

  • password

    mynopass

  • persistence

    false

Targets

    • Target

      JaffaCakes118_6af302837f6b3629440664ad4eaffb30

    • Size

      885KB

    • MD5

      6af302837f6b3629440664ad4eaffb30

    • SHA1

      08fd81dccace3c22da738c4c23c11291b4408c91

    • SHA256

      adc22749c5d4547c94a7e5ac9d4d10a1dceb232469caa6ddd1bac4afc92699d2

    • SHA512

      892a1865ccd8b090fc10df81e3844507ce1b7e579d23441ed108cf3bae53ac428894e381a22d72419516e9b5b3d72c6d1569d4ec1bb3f8f759902f2a1d984e8f

    • SSDEEP

      24576:IgOCK33kZnEvq3Rh4P1998MmYEaucKwlyHn8M1Hp:dOhnmZWU/wOLHp

    Score
    10/10
    darkcometyahoo1discoverypersistencerattrojan

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

      trojanratdarkcomet

    • Darkcomet family

      darkcomet

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks