Overview

overview

10

Static

static

3

JaffaCakes...40.exe

windows7-x64

10

JaffaCakes...40.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_8fafe7a85dac5b88c2e78fca27939640

  • Size

    1.2MB

  • Sample

    250117-svn82stmcz

  • MD5

    8fafe7a85dac5b88c2e78fca27939640

  • SHA1

    5f02d41e422e05bb310551d52d1e4f7616acab34

  • SHA256

    a93e8769416686494b88a824fa6020303bb2b5b0a8115018f7c7be292b1039f2

  • SHA512

    17c8f7de4267fe92fb89412027c78635092eb2afc88d76903a4941a6a8c0eb1eabfe956ec80c8b96153a9e1f6ab6a55338ef2dd89d8f3c3fabdf8d34466b4744

  • SSDEEP

    24576:+bXUN9qOHOPeKCOo9d0QN857KrYQZl2c+WhnuR:Me9qO2e+o9+P7KdUMh+

Score
10/10
darkcometdiscoverypersistencerattrojan

Malware Config

Targets

    • Target

      JaffaCakes118_8fafe7a85dac5b88c2e78fca27939640

    • Size

      1.2MB

    • MD5

      8fafe7a85dac5b88c2e78fca27939640

    • SHA1

      5f02d41e422e05bb310551d52d1e4f7616acab34

    • SHA256

      a93e8769416686494b88a824fa6020303bb2b5b0a8115018f7c7be292b1039f2

    • SHA512

      17c8f7de4267fe92fb89412027c78635092eb2afc88d76903a4941a6a8c0eb1eabfe956ec80c8b96153a9e1f6ab6a55338ef2dd89d8f3c3fabdf8d34466b4744

    • SSDEEP

      24576:+bXUN9qOHOPeKCOo9d0QN857KrYQZl2c+WhnuR:Me9qO2e+o9+P7KdUMh+

    Score
    10/10
    darkcometdiscoverypersistencerattrojan

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

      trojanratdarkcomet

    • Darkcomet family

      darkcomet

    • Uses the VBS compiler for execution

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks