darkcomet | 7c76299e3ac43fd7282eb0a981138f2e4e8a6521cc2ba7486049c8c92ad68900 | Triage

Submit
Reports

Overview

overview

Static

static

154e078a01...18.exe

windows7-x64

154e078a01...18.exe

windows10-2004-x64

Sharing

General

Target

154e078a01c64594670fc142909254ee_JaffaCakes118
Size

723KB
Sample

240627-j9g9lstcrk
MD5

154e078a01c64594670fc142909254ee
SHA1

22cae4c77eb6e3ff4163b39b65dafceb935e1f11
SHA256

7c76299e3ac43fd7282eb0a981138f2e4e8a6521cc2ba7486049c8c92ad68900
SHA512

323d1ac93b1676834c21d267f23a0e08aced1677fe939cc8d205d3a49da3c834729799a7f31983cfae16da1e5908093481732653cb8aa7bbdd70ba8968a3c172
SSDEEP

12288:7FLlJnnbWOtz6sVJhvaz1Qc/WdI//vfM4qwrbkniafBo6vnTylKM/q9jJr:Z3nbWmJVJFwSddIXvfhqbia/v2jq9V

Score

10^/10

darkcomet evasion persistence rat trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

154e078a01c64594670fc142909254ee_JaffaCakes118.exe

Resource

win7-20240611-en

darkcomet evasion persistence rat trojan

windows7-x64

19 signatures

150 seconds

Behavioral task

behavioral2

Sample

154e078a01c64594670fc142909254ee_JaffaCakes118.exe

Resource

win10v2004-20240508-en

darkcomet rat trojan

windows10-2004-x64

1 signatures

150 seconds

Malware Config

Targets

- Target
  
  154e078a01c64594670fc142909254ee_JaffaCakes118
- Size
  
  723KB
- MD5
  
  154e078a01c64594670fc142909254ee
- SHA1
  
  22cae4c77eb6e3ff4163b39b65dafceb935e1f11
- SHA256
  
  7c76299e3ac43fd7282eb0a981138f2e4e8a6521cc2ba7486049c8c92ad68900
- SHA512
  
  323d1ac93b1676834c21d267f23a0e08aced1677fe939cc8d205d3a49da3c834729799a7f31983cfae16da1e5908093481732653cb8aa7bbdd70ba8968a3c172
- SSDEEP
  
  12288:7FLlJnnbWOtz6sVJhvaz1Qc/WdI//vfM4qwrbkniafBo6vnTylKM/q9jJr:Z3nbWmJVJFwSddIXvfhqbia/v2jq9V
Score

10^/10

darkcomet evasion persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Modifies firewall policy service
  evasion
- Modifies security service
  evasion
- Windows security bypass
  evasion trojan
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Create or Modify System Process

Windows Service

Defense Evasion

Modify Registry

Impair Defenses

Disable or Modify Tools

Disable or Modify System Firewall

Hide Artifacts

Hidden Files and Directories

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

darkcometevasionpersistencerattrojan

behavioral2

darkcometrattrojan

© 2018-2024

Terms | Privacy