Overview

overview

10

Static

static

10

JaffaCakes...c2.exe

windows7-x64

10

JaffaCakes...c2.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_78628cbb3e75c0b15d2812a514c78bc2

  • Size

    756KB

  • Sample

    250104-h38bsaynct

  • MD5

    78628cbb3e75c0b15d2812a514c78bc2

  • SHA1

    791fb0603796acdc64e370fc51f436e1869e8c6a

  • SHA256

    00b3f4a7d68ebfb9ef9d846c69eae8798aa59084993cd6e7834c385d2042c538

  • SHA512

    f0ddedef772b0bcd9f3a72cf30fe6f69120b48bddb1f93a26c29b992e5f81dfabd209958fadcdf9d31c63ef3badd92aa6cc81954e8db94637aa80c4de0a42d05

  • SSDEEP

    12288:z9AFlAd0Z+89cxTGzO4AucTD8QP2lmFSrVs9LqnKHb:xAQ6Zx9cxTmOrucTIEFSpOGm

Score
10/10
darkcometdiscoverypersistencerattrojan

Malware Config

Targets

    • Target

      JaffaCakes118_78628cbb3e75c0b15d2812a514c78bc2

    • Size

      756KB

    • MD5

      78628cbb3e75c0b15d2812a514c78bc2

    • SHA1

      791fb0603796acdc64e370fc51f436e1869e8c6a

    • SHA256

      00b3f4a7d68ebfb9ef9d846c69eae8798aa59084993cd6e7834c385d2042c538

    • SHA512

      f0ddedef772b0bcd9f3a72cf30fe6f69120b48bddb1f93a26c29b992e5f81dfabd209958fadcdf9d31c63ef3badd92aa6cc81954e8db94637aa80c4de0a42d05

    • SSDEEP

      12288:z9AFlAd0Z+89cxTGzO4AucTD8QP2lmFSrVs9LqnKHb:xAQ6Zx9cxTmOrucTIEFSpOGm

    Score
    10/10
    darkcometdiscoverypersistencerattrojan

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

      trojanratdarkcomet

    • Darkcomet family

      darkcomet

    • Modifies WinLogon for persistence

      persistence

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Deletes itself

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks