Overview

overview

10

Static

static

3

JaffaCakes...98.exe

windows7-x64

10

JaffaCakes...98.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_a5e22653e3058b0b804eef1f961ad398

  • Size

    1.1MB

  • Sample

    250206-b1wrmsymct

  • MD5

    a5e22653e3058b0b804eef1f961ad398

  • SHA1

    bf634599868679a3c215aba59ae0040e867d3022

  • SHA256

    3f3be2c601c7ee51d244779e9d3a6f847c3fb1754dcf3caef0885d809d488e58

  • SHA512

    40e538627d1187008fdb1d6e27890d6ffb3b0d3e3005dfba3861169223c862e7484670fcee69b7b06b4b5675109365df2f4e8dce9ce628570e26b0a6a9721f13

  • SSDEEP

    12288:Yl+aV+ZtWsMxXvl7lJ4d77ppwZP5b5Bkh9mU+o55avzAkIbSrzY8CtkU7Uw6G08w:E+SEcF3g/ppEtTprk6zwAtL1hiH3u1

Score
10/10
darkcometdiscoverypersistencerattrojan

Malware Config

Targets

    • Target

      JaffaCakes118_a5e22653e3058b0b804eef1f961ad398

    • Size

      1.1MB

    • MD5

      a5e22653e3058b0b804eef1f961ad398

    • SHA1

      bf634599868679a3c215aba59ae0040e867d3022

    • SHA256

      3f3be2c601c7ee51d244779e9d3a6f847c3fb1754dcf3caef0885d809d488e58

    • SHA512

      40e538627d1187008fdb1d6e27890d6ffb3b0d3e3005dfba3861169223c862e7484670fcee69b7b06b4b5675109365df2f4e8dce9ce628570e26b0a6a9721f13

    • SSDEEP

      12288:Yl+aV+ZtWsMxXvl7lJ4d77ppwZP5b5Bkh9mU+o55avzAkIbSrzY8CtkU7Uw6G08w:E+SEcF3g/ppEtTprk6zwAtL1hiH3u1

    Score
    10/10
    darkcometdiscoverypersistencerattrojan

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

      trojanratdarkcomet

    • Darkcomet family

      darkcomet

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks