Overview

overview

10

Static

static

3

JaffaCakes...0b.exe

windows7-x64

10

JaffaCakes...0b.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_e6ce1f29a7a46cf2ca66dcd2f670620b

  • Size

    888KB

  • Sample

    250211-qrppastlaj

  • MD5

    e6ce1f29a7a46cf2ca66dcd2f670620b

  • SHA1

    46a3022ea04fa281da7c5483ec5565d48728d571

  • SHA256

    933f20fdd619132dce7a72cba61763db488c493a30416cbccb700201c0a7849e

  • SHA512

    6d4796b6f5b19499bb23bf844af54e245ebfbdbbf00cd438580947dfe08c404ff1dfabe874830ccaf152c85608196cbe5b6fbf8cb9cc00ce753e2ab03c834a89

  • SSDEEP

    24576:qecoAGKeiQPhav6m3fol1+hxK9i/GRgrdm3+:qbfeiYhaCUM1gTu

Score
10/10
darkcometdiscoverypersistencerattrojan

Malware Config

Targets

    • Target

      JaffaCakes118_e6ce1f29a7a46cf2ca66dcd2f670620b

    • Size

      888KB

    • MD5

      e6ce1f29a7a46cf2ca66dcd2f670620b

    • SHA1

      46a3022ea04fa281da7c5483ec5565d48728d571

    • SHA256

      933f20fdd619132dce7a72cba61763db488c493a30416cbccb700201c0a7849e

    • SHA512

      6d4796b6f5b19499bb23bf844af54e245ebfbdbbf00cd438580947dfe08c404ff1dfabe874830ccaf152c85608196cbe5b6fbf8cb9cc00ce753e2ab03c834a89

    • SSDEEP

      24576:qecoAGKeiQPhav6m3fol1+hxK9i/GRgrdm3+:qbfeiYhaCUM1gTu

    Score
    10/10
    darkcometdiscoverypersistencerattrojan

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

      trojanratdarkcomet

    • Darkcomet family

      darkcomet

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks