Overview

overview

10

Static

static

3

JaffaCakes...66.exe

windows7-x64

10

JaffaCakes...66.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_b24e6fa5bc8eb2fe91c4642c92333766

  • Size

    812KB

  • Sample

    250207-dnbl2sxrgp

  • MD5

    b24e6fa5bc8eb2fe91c4642c92333766

  • SHA1

    df93fa651cb093539c9936048a06c1baa22fd1f5

  • SHA256

    dd3d5c699274454e1c3f23bea633a3823fbe5c99f739270d34ddc80e1f9a70e2

  • SHA512

    4d85201281cc785a0892d20589aa440a039d7a9c3102e3fc0c7cbed0e7aacfa95fdb68ceadcd581b842b3fc5e40159bf556032eaa36476f6ce769ba511b60e4c

  • SSDEEP

    24576:/4ertC/5MhG4GynfJ0CEKwvyMLn0BL1HI/uJye:/4epG5iLJRoKHTZHkuAe

Score
10/10
darkcometguest16discoveryrattrojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

127.0.0.1:1604

Mutex

DC_MUTEX-F54S21D

Attributes
  • gencode

    K6G#hds5n�hD

  • install

    false

  • offline_keylogger

    false

  • persistence

    false

rc4.plain

Targets

    • Target

      JaffaCakes118_b24e6fa5bc8eb2fe91c4642c92333766

    • Size

      812KB

    • MD5

      b24e6fa5bc8eb2fe91c4642c92333766

    • SHA1

      df93fa651cb093539c9936048a06c1baa22fd1f5

    • SHA256

      dd3d5c699274454e1c3f23bea633a3823fbe5c99f739270d34ddc80e1f9a70e2

    • SHA512

      4d85201281cc785a0892d20589aa440a039d7a9c3102e3fc0c7cbed0e7aacfa95fdb68ceadcd581b842b3fc5e40159bf556032eaa36476f6ce769ba511b60e4c

    • SSDEEP

      24576:/4ertC/5MhG4GynfJ0CEKwvyMLn0BL1HI/uJye:/4epG5iLJRoKHTZHkuAe

    Score
    10/10
    darkcometguest16discoveryrattrojan

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

      trojanratdarkcomet

    • Darkcomet family

      darkcomet

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks