Overview

overview

10

Static

static

3

JaffaCakes...f9.exe

windows7-x64

10

JaffaCakes...f9.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_49635c25e76f72c692bd5d8600cc6bf9

  • Size

    910KB

  • Sample

    250303-1whfws1jy3

  • MD5

    49635c25e76f72c692bd5d8600cc6bf9

  • SHA1

    51aa4ad6e382ce54d4f949796f80ec5711b836bf

  • SHA256

    3898845e96f747891a7e526143560871cff89df8b76e452559caf7d3ca775135

  • SHA512

    30cc48422430d4d338c946fcf93b45e358270d2fb5c6f41bacafe316b19cba4551bbe2c00c927b919f15d0e74e9c07c45527d06384fd184c0632531f72e6b79a

  • SSDEEP

    12288:Wv54yElrjeQNp2wWjCQelSO037N3vDG2OhPURmTIyCfOf1GvhGeOYlF/WOG:rlGQNp2NCQelSO03RvKhPURAl91eDWOG

Score
10/10
darkcometdiscoveryrattrojan

Malware Config

Extracted

Family

darkcomet

Attributes
  • gencode

  • install

    false

  • offline_keylogger

    false

  • persistence

    false

rc4.plain

Targets

    • Target

      JaffaCakes118_49635c25e76f72c692bd5d8600cc6bf9

    • Size

      910KB

    • MD5

      49635c25e76f72c692bd5d8600cc6bf9

    • SHA1

      51aa4ad6e382ce54d4f949796f80ec5711b836bf

    • SHA256

      3898845e96f747891a7e526143560871cff89df8b76e452559caf7d3ca775135

    • SHA512

      30cc48422430d4d338c946fcf93b45e358270d2fb5c6f41bacafe316b19cba4551bbe2c00c927b919f15d0e74e9c07c45527d06384fd184c0632531f72e6b79a

    • SSDEEP

      12288:Wv54yElrjeQNp2wWjCQelSO037N3vDG2OhPURmTIyCfOf1GvhGeOYlF/WOG:rlGQNp2NCQelSO03RvKhPURAl91eDWOG

    Score
    10/10
    darkcometdiscoveryrattrojan

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

      trojanratdarkcomet

    • Darkcomet family

      darkcomet

    • Drops file in Drivers directory

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks