darkcomet | 1e3adf9d47bc468007e2e0901b464546f8db71116da4ceaff39ff1521373e420 | Triage

Submit
Reports

Overview

overview

Static

static

15a998925e...18.exe

windows7-x64

15a998925e...18.exe

windows10-2004-x64

Sharing

General

Target

15a998925e3e0ac2ca2c0da01634f778_JaffaCakes118
Size

744KB
Sample

240627-mj7ncswgla
MD5

15a998925e3e0ac2ca2c0da01634f778
SHA1

cdecd718b27533905f782c58687fd65505be63b9
SHA256

1e3adf9d47bc468007e2e0901b464546f8db71116da4ceaff39ff1521373e420
SHA512

03bcb296f95e5dde0f7deb34f69677893291483ec3cef2c637c048b58045a60b8b9c111125e811e5a685961ad9f1c8adff85e153235552034e7849a38d15ceb7
SSDEEP

12288:d8UaT9XY2siA0bMG09xD7I3Gg8ecgVvfBoCDBOQQYbVXpuy1f/gORixjbJ:uUKoN0bUxgGa/pfBHDb+y1HgZ9l

Score

10^/10

darkcomet persistence rat trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

15a998925e3e0ac2ca2c0da01634f778_JaffaCakes118.exe

Resource

win7-20240611-en

darkcomet persistence rat trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

15a998925e3e0ac2ca2c0da01634f778_JaffaCakes118.exe

Resource

win10v2004-20240508-en

darkcomet persistence rat trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  15a998925e3e0ac2ca2c0da01634f778_JaffaCakes118
- Size
  
  744KB
- MD5
  
  15a998925e3e0ac2ca2c0da01634f778
- SHA1
  
  cdecd718b27533905f782c58687fd65505be63b9
- SHA256
  
  1e3adf9d47bc468007e2e0901b464546f8db71116da4ceaff39ff1521373e420
- SHA512
  
  03bcb296f95e5dde0f7deb34f69677893291483ec3cef2c637c048b58045a60b8b9c111125e811e5a685961ad9f1c8adff85e153235552034e7849a38d15ceb7
- SSDEEP
  
  12288:d8UaT9XY2siA0bMG09xD7I3Gg8ecgVvfBoCDBOQQYbVXpuy1f/gORixjbJ:uUKoN0bUxgGa/pfBHDb+y1HgZ9l
Score

10^/10

darkcomet persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

darkcometpersistencerattrojan

behavioral2

darkcometpersistencerattrojan

© 2018-2024

Terms | Privacy