darkcomet | a9c422203b66b4affbf64982802f15d355db7c4882e297aed106a3922ffb8056 | Triage

Submit
Reports

Overview

overview

Static

static

3

1709065d9e...18.exe

windows7-x64

1709065d9e...18.exe

windows10-2004-x64

Sharing

General

Target

1709065d9e88bad4a044992fcbd131e3_JaffaCakes118
Size

1.3MB
Sample

240627-wz74hawdjj
MD5

1709065d9e88bad4a044992fcbd131e3
SHA1

bbe2f0d43609e0ffd945711882175b5c27ea0b39
SHA256

a9c422203b66b4affbf64982802f15d355db7c4882e297aed106a3922ffb8056
SHA512

6762f636ad6d16cfca4c2b39c6e8259a6cd0a931a482fdfb30387d8fcf8cf9370aaeee26979e0ae8126c8d02eaecfe6bce3830b4c29ea4604bc9f300175e3c88
SSDEEP

12288:utkqF3P8ZVGsA2bPs83oZkPDPppNe696ASaufwHESMuF4zeiCJeCPnVc1FFLwyMz:u2cBLSp/H/VV1LGdw5+qKCsfC0/U

Score

10^/10

darkcomet persistence rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

1709065d9e88bad4a044992fcbd131e3_JaffaCakes118.exe

Resource

win7-20240611-en

darkcomet persistence rat trojan

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

1709065d9e88bad4a044992fcbd131e3_JaffaCakes118.exe

Resource

win10v2004-20240508-en

darkcomet persistence rat trojan

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  1709065d9e88bad4a044992fcbd131e3_JaffaCakes118
- Size
  
  1.3MB
- MD5
  
  1709065d9e88bad4a044992fcbd131e3
- SHA1
  
  bbe2f0d43609e0ffd945711882175b5c27ea0b39
- SHA256
  
  a9c422203b66b4affbf64982802f15d355db7c4882e297aed106a3922ffb8056
- SHA512
  
  6762f636ad6d16cfca4c2b39c6e8259a6cd0a931a482fdfb30387d8fcf8cf9370aaeee26979e0ae8126c8d02eaecfe6bce3830b4c29ea4604bc9f300175e3c88
- SSDEEP
  
  12288:utkqF3P8ZVGsA2bPs83oZkPDPppNe696ASaufwHESMuF4zeiCJeCPnVc1FFLwyMz:u2cBLSp/H/VV1LGdw5+qKCsfC0/U
Score

10^/10

darkcomet persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scripting

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

darkcometpersistencerattrojan

behavioral2

darkcometpersistencerattrojan

© 2018-2024

Terms | Privacy