darkcomet | 8439f3656b12b448b15f43c7ea8a8871ea978aaa3f3140af622682d0ac06b8ce | Triage

Submit
Reports

Overview

overview

Static

static

7

15ce45fdf5...18.exe

windows7-x64

15ce45fdf5...18.exe

windows10-2004-x64

Sharing

General

Target

15ce45fdf58db94c01d9379c4f0148f2_JaffaCakes118
Size

616KB
Sample

240627-nfhqhaycmf
MD5

15ce45fdf58db94c01d9379c4f0148f2
SHA1

74aa27d81f3a3d1cf544f6b2c6e8ea160654fac0
SHA256

8439f3656b12b448b15f43c7ea8a8871ea978aaa3f3140af622682d0ac06b8ce
SHA512

651fe20068e868a418cb64af078470be30017fa71d25bca9a1781511f2b135bc71a7ab4a71e7401e11fc20f536b8aecb982ff131f390ca0c135ac2f9336f346f
SSDEEP

12288:YePwlp7/N0+OLbetJZv5m0/VyVz9ZPYHm1GjD2JSmJVRC:fmS+OEZvMQAFAmMeJSmfw

Score

10^/10

darkcomet evasion rat trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

15ce45fdf58db94c01d9379c4f0148f2_JaffaCakes118.exe

Resource

win7-20240611-en

darkcomet evasion rat trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

15ce45fdf58db94c01d9379c4f0148f2_JaffaCakes118.exe

Resource

win10v2004-20240611-en

darkcomet evasion rat trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  15ce45fdf58db94c01d9379c4f0148f2_JaffaCakes118
- Size
  
  616KB
- MD5
  
  15ce45fdf58db94c01d9379c4f0148f2
- SHA1
  
  74aa27d81f3a3d1cf544f6b2c6e8ea160654fac0
- SHA256
  
  8439f3656b12b448b15f43c7ea8a8871ea978aaa3f3140af622682d0ac06b8ce
- SHA512
  
  651fe20068e868a418cb64af078470be30017fa71d25bca9a1781511f2b135bc71a7ab4a71e7401e11fc20f536b8aecb982ff131f390ca0c135ac2f9336f346f
- SSDEEP
  
  12288:YePwlp7/N0+OLbetJZv5m0/VyVz9ZPYHm1GjD2JSmJVRC:fmS+OEZvMQAFAmMeJSmfw
Score

10^/10

darkcomet evasion rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies firewall policy service
  evasion
- Disables Task Manager via registry modification
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Modify Registry

Impair Defenses

Disable or Modify System Firewall

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

darkcometevasionrattrojan

behavioral2

darkcometevasionrattrojan

© 2018-2024

Terms | Privacy