darkcomet | 62bc25646fb53fb537e5f7df1a22388ddc86acc54b35702bc33780af37eda5ab | Triage

Submit
Reports

Overview

overview

Static

static

0f08c77d12...18.exe

windows7-x64

0f08c77d12...18.exe

windows10-2004-x64

Sharing

General

Target

0f08c77d123024756eec3a6643bc5a57_JaffaCakes118
Size

797KB
Sample

240625-wqxamsvbrc
MD5

0f08c77d123024756eec3a6643bc5a57
SHA1

0baf67971c671ed44fd75c5218188d6ea251bec0
SHA256

62bc25646fb53fb537e5f7df1a22388ddc86acc54b35702bc33780af37eda5ab
SHA512

9df9189f706d958aaf201cac619671e240a08edb63bf83bbd95a22ec9190a69afee9b0fac42b3803aa5c7d5a7103cc2aac79046a94aaf25b038f59e3e5a05bb0
SSDEEP

12288:bFLlJnnbWOtz6sVJhvaz1Qc/WdI//vfM4qwrbkniafLo6vUTyl0c/qe:53nbWmJVJFwSddIXvfhqbiaxvRFqe

Score

10^/10

darkcomet latentbot evasion rat trojan upx

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

0f08c77d123024756eec3a6643bc5a57_JaffaCakes118.exe

Resource

win7-20240220-en

darkcomet latentbot evasion rat trojan upx

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

0f08c77d123024756eec3a6643bc5a57_JaffaCakes118.exe

Resource

win10v2004-20240508-en

darkcomet latentbot evasion rat trojan upx

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

latentbot

C2

hiluxtoyota.zapto.org

Targets

- Target
  
  0f08c77d123024756eec3a6643bc5a57_JaffaCakes118
- Size
  
  797KB
- MD5
  
  0f08c77d123024756eec3a6643bc5a57
- SHA1
  
  0baf67971c671ed44fd75c5218188d6ea251bec0
- SHA256
  
  62bc25646fb53fb537e5f7df1a22388ddc86acc54b35702bc33780af37eda5ab
- SHA512
  
  9df9189f706d958aaf201cac619671e240a08edb63bf83bbd95a22ec9190a69afee9b0fac42b3803aa5c7d5a7103cc2aac79046a94aaf25b038f59e3e5a05bb0
- SSDEEP
  
  12288:bFLlJnnbWOtz6sVJhvaz1Qc/WdI//vfM4qwrbkniafLo6vUTyl0c/qe:53nbWmJVJFwSddIXvfhqbiaxvRFqe
Score

10^/10

darkcomet latentbot evasion rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- LatentBot
  Modular trojan written in Delphi which has been in-the-wild since 2013.
  trojan latentbot
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

darkcometlatentbotevasionrattrojanupx

behavioral2

darkcometlatentbotevasionrattrojanupx

© 2018-2024

Terms | Privacy