Overview

overview

10

Static

static

3

JaffaCakes...65.exe

windows7-x64

10

JaffaCakes...65.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_0804297927351c176996f8cea3618e65

  • Size

    732KB

  • Sample

    250121-2gbkgavmdn

  • MD5

    0804297927351c176996f8cea3618e65

  • SHA1

    d7b2b1e7289ea44ca368bbf86522c8b3b3092be2

  • SHA256

    e33afe352abd8d52445184e9c96dc386e1556e9785eb1d008d3d20de5b331b04

  • SHA512

    d5f31fa50fcb26a6f09b2c7ef4d3f8c91320628560784f82fd1beb0a2d2cf2f68ff319a25811849039ecfad29c24825dfb4300c40b0f5828dc8826472775fa22

  • SSDEEP

    12288:xLB+rJvfwt1J7q5ViOHXhyuObE25ehE/s6M3S+0cNFn790JSlXdE92THoUsV:yrJvfoCVHXaB5ehEU6M9JFGUt

Score
10/10
darkcometguest16_mindiscoverypersistencerattrojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16_min

C2

nikepikachu.no-ip.biz:100

Mutex

DCMIN_MUTEX-7U0YS9H

Attributes
  • gencode

    G8MqZb1ekLhK

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Targets

    • Target

      JaffaCakes118_0804297927351c176996f8cea3618e65

    • Size

      732KB

    • MD5

      0804297927351c176996f8cea3618e65

    • SHA1

      d7b2b1e7289ea44ca368bbf86522c8b3b3092be2

    • SHA256

      e33afe352abd8d52445184e9c96dc386e1556e9785eb1d008d3d20de5b331b04

    • SHA512

      d5f31fa50fcb26a6f09b2c7ef4d3f8c91320628560784f82fd1beb0a2d2cf2f68ff319a25811849039ecfad29c24825dfb4300c40b0f5828dc8826472775fa22

    • SSDEEP

      12288:xLB+rJvfwt1J7q5ViOHXhyuObE25ehE/s6M3S+0cNFn790JSlXdE92THoUsV:yrJvfoCVHXaB5ehEU6M9JFGUt

    Score
    10/10
    darkcometguest16_mindiscoverypersistencerattrojan

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

      trojanratdarkcomet

    • Darkcomet family

      darkcomet

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks