darkcomet | 5252f6c57cca629847ad5482dc3b8b942f0e8ba4f2510e56fae0d2f836969e57 | Triage

Submit
Reports

Overview

overview

Static

static

3

1979150d08...18.exe

windows7-x64

1979150d08...18.exe

windows10-2004-x64

Sharing

General

Target

1979150d08c63cf63817fced86bac6b7_JaffaCakes118
Size

680KB
Sample

240628-kg6xyashmn
MD5

1979150d08c63cf63817fced86bac6b7
SHA1

d23ad36fcb5bf7bff2b68d25116a4902872f0be4
SHA256

5252f6c57cca629847ad5482dc3b8b942f0e8ba4f2510e56fae0d2f836969e57
SHA512

0d8d81f63ad5a7827ac9c85da12de33122d78610dd21dafe69fa03ac347ddb070c9ac6cddd02cac9c3bf515b60aa59eb72b36d4eb01f63a800c2d4b36631046d
SSDEEP

12288:5ahBhc+i8vpya071qkqCamwOpZaO2IKpJ8Ifh/MDonUYaKwB8tzL86NdDndmatzZ:8GJdnUXbEaVjVBaBCdkahO69J

Score

10^/10

darkcomet persistence rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

1979150d08c63cf63817fced86bac6b7_JaffaCakes118.exe

Resource

win7-20240508-en

darkcomet persistence rat trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

1979150d08c63cf63817fced86bac6b7_JaffaCakes118.exe

Resource

win10v2004-20240508-en

darkcomet persistence rat trojan

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  1979150d08c63cf63817fced86bac6b7_JaffaCakes118
- Size
  
  680KB
- MD5
  
  1979150d08c63cf63817fced86bac6b7
- SHA1
  
  d23ad36fcb5bf7bff2b68d25116a4902872f0be4
- SHA256
  
  5252f6c57cca629847ad5482dc3b8b942f0e8ba4f2510e56fae0d2f836969e57
- SHA512
  
  0d8d81f63ad5a7827ac9c85da12de33122d78610dd21dafe69fa03ac347ddb070c9ac6cddd02cac9c3bf515b60aa59eb72b36d4eb01f63a800c2d4b36631046d
- SSDEEP
  
  12288:5ahBhc+i8vpya071qkqCamwOpZaO2IKpJ8Ifh/MDonUYaKwB8tzL86NdDndmatzZ:8GJdnUXbEaVjVBaBCdkahO69J
Score

10^/10

darkcomet persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

darkcometpersistencerattrojan

behavioral2

darkcometpersistencerattrojan

© 2018-2024

Terms | Privacy