Overview

overview

10

Static

static

3

JaffaCakes...96.exe

windows7-x64

10

JaffaCakes...96.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_76dd6ce404611de5a28c147015290596

  • Size

    1.1MB

  • Sample

    250104-b3f4zatrav

  • MD5

    76dd6ce404611de5a28c147015290596

  • SHA1

    2a17c70e18b8803b416c1a27fb900525292ce0c9

  • SHA256

    f5ad4e31eda2563b01792cd79cf7010149bdb6ed98ba853b558c74b46e731774

  • SHA512

    a98791e09cf8932d0076a28af586a805d95915637e902067605c0e841475055dce9dd4ca3c1d33ae61328cc2ee86c1ef91283bf97e4d9a4811101ff1ce3c2bde

  • SSDEEP

    12288:ZNSorbqLBMHvSQ5OeREOnXZykqQz4KHI2h+UYS//5cgMeaEgkCyABCbe3GFh7rX6:Zjc2S80VE4AIU+LNEGBAe3Tnh9Xp

Score
10/10
darkcometdiscoverypersistencerattrojan

Malware Config

Targets

    • Target

      JaffaCakes118_76dd6ce404611de5a28c147015290596

    • Size

      1.1MB

    • MD5

      76dd6ce404611de5a28c147015290596

    • SHA1

      2a17c70e18b8803b416c1a27fb900525292ce0c9

    • SHA256

      f5ad4e31eda2563b01792cd79cf7010149bdb6ed98ba853b558c74b46e731774

    • SHA512

      a98791e09cf8932d0076a28af586a805d95915637e902067605c0e841475055dce9dd4ca3c1d33ae61328cc2ee86c1ef91283bf97e4d9a4811101ff1ce3c2bde

    • SSDEEP

      12288:ZNSorbqLBMHvSQ5OeREOnXZykqQz4KHI2h+UYS//5cgMeaEgkCyABCbe3GFh7rX6:Zjc2S80VE4AIU+LNEGBAe3Tnh9Xp

    Score
    10/10
    darkcometdiscoverypersistencerattrojan

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

      trojanratdarkcomet

    • Darkcomet family

      darkcomet

    • Uses the VBS compiler for execution

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks