darkcomet | 85112b77cbc006585648662b56b53fa526093e2689398078ff7ee14d0929bf01 | Triage

Submit
Reports

Overview

overview

Static

static

3

171bef4ec1...18.exe

windows7-x64

171bef4ec1...18.exe

windows10-2004-x64

Sharing

General

Target

171bef4ec12a568a8496e2c39e5f4e8e_JaffaCakes118
Size

927KB
Sample

240627-xen1kavdlc
MD5

171bef4ec12a568a8496e2c39e5f4e8e
SHA1

d019dd3f9004920f13b20e5d95586d7a384ebb0b
SHA256

85112b77cbc006585648662b56b53fa526093e2689398078ff7ee14d0929bf01
SHA512

e58a473c16c973f5f29bddfb93dbdc36440e63869ecd7af32f0761f2e38e73088b54e5f88d6183ab34606b5a0e6444b5f479c5e9f0f5092c525b824f411bc847
SSDEEP

24576:wFC/G4K2wSSSMjwvgFS5bJ5TMhmvviZ46hq+:wFR4/lgiKaIq

Score

10^/10

darkcomet persistence rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

171bef4ec12a568a8496e2c39e5f4e8e_JaffaCakes118.exe

Resource

win7-20240508-en

darkcomet persistence rat trojan

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

171bef4ec12a568a8496e2c39e5f4e8e_JaffaCakes118.exe

Resource

win10v2004-20240611-en

darkcomet persistence rat trojan

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  171bef4ec12a568a8496e2c39e5f4e8e_JaffaCakes118
- Size
  
  927KB
- MD5
  
  171bef4ec12a568a8496e2c39e5f4e8e
- SHA1
  
  d019dd3f9004920f13b20e5d95586d7a384ebb0b
- SHA256
  
  85112b77cbc006585648662b56b53fa526093e2689398078ff7ee14d0929bf01
- SHA512
  
  e58a473c16c973f5f29bddfb93dbdc36440e63869ecd7af32f0761f2e38e73088b54e5f88d6183ab34606b5a0e6444b5f479c5e9f0f5092c525b824f411bc847
- SSDEEP
  
  24576:wFC/G4K2wSSSMjwvgFS5bJ5TMhmvviZ46hq+:wFR4/lgiKaIq
Score

10^/10

darkcomet persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scripting

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

darkcometpersistencerattrojan

behavioral2

darkcometpersistencerattrojan

© 2018-2024

Terms | Privacy