General

  • Target: JaffaCakes118_6bd0056ab31eefee77854eed1a2944b0
  • Size: 658KB
  • Sample: 250103-lyrd9axqav
  • MD5: 6bd0056ab31eefee77854eed1a2944b0
  • SHA1: d884865fd4029a61033001fd0604954dfb53b3c1
  • SHA256: ed5c7105af426a159682b4199396992b81a8e8b802c55e50f695925e4cedb325
  • SHA512: 040006c1ba6a3132f079837e0157d95157514afa65a66ae1ab39211d8c7f6f8bd6e9b29c05ffeb0a97753db07bed4fca9f48ec5362200222adf3075357e5df63
  • SSDEEP: 12288:u9HMeUmcufrvA3kb445UEJ2jsWiD4EvFuu4cNgZhCiZKD/XdyFp:6iBIGkbxqEcjsWiDxguehC2SW

Malware Config

Extracted

  • Family: darkcomet
  • Botnet: Guest16
  • C2: goodhash88.ddns.net:555
  • Mutex: DC_MUTEX-XLU6YM1

Attributes

  • gencode: 4rAQ7sMw8zEH
  • install: false
  • offline_keylogger: true
  • persistence: false

Targets


    • Darkcomet: DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
    • Darkcomet family
    • Disables Task Manager via registry modification

MITRE ATT&CK Enterprise v15
