darkcomet | 0e8b4487dc2329956cfba875d3db8166136c0e8faedab0735f1af63f724ddfda | Triage

Submit
Reports

Overview

overview

Static

static

1a0494c255...18.exe

windows7-x64

1a0494c255...18.exe

windows10-2004-x64

Sharing

General

Target

1a0494c25535b8afcec320508785e0c7_JaffaCakes118
Size

646KB
Sample

240628-n2fg9sxhqf
MD5

1a0494c25535b8afcec320508785e0c7
SHA1

681baf728c857e615ffe9cbe08f1d1c288ccdf3a
SHA256

0e8b4487dc2329956cfba875d3db8166136c0e8faedab0735f1af63f724ddfda
SHA512

11516919e264f6b06fbedc1aada85cf3ca823c2b99613e31c479c182f6e9db7a2a73db986a744984114a78459c8a0c1be254929e3074e8e6ffbd2fa52a2426f9
SSDEEP

12288:A8UaT9XY2siA0bMG09xD7I3Gg8ecgVvfBoCDBOQQYbVXpuy1f/gORixI:5UKoN0bUxgGa/pfBHDb+y1HgZC

Score

10^/10

darkcomet persistence rat trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

1a0494c25535b8afcec320508785e0c7_JaffaCakes118.exe

Resource

win7-20240611-en

darkcomet persistence rat trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

1a0494c25535b8afcec320508785e0c7_JaffaCakes118.exe

Resource

win10v2004-20240226-en

darkcomet persistence rat trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  1a0494c25535b8afcec320508785e0c7_JaffaCakes118
- Size
  
  646KB
- MD5
  
  1a0494c25535b8afcec320508785e0c7
- SHA1
  
  681baf728c857e615ffe9cbe08f1d1c288ccdf3a
- SHA256
  
  0e8b4487dc2329956cfba875d3db8166136c0e8faedab0735f1af63f724ddfda
- SHA512
  
  11516919e264f6b06fbedc1aada85cf3ca823c2b99613e31c479c182f6e9db7a2a73db986a744984114a78459c8a0c1be254929e3074e8e6ffbd2fa52a2426f9
- SSDEEP
  
  12288:A8UaT9XY2siA0bMG09xD7I3Gg8ecgVvfBoCDBOQQYbVXpuy1f/gORixI:5UKoN0bUxgGa/pfBHDb+y1HgZC
Score

10^/10

darkcomet persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

darkcometpersistencerattrojan

behavioral2

darkcometpersistencerattrojan

© 2018-2024

Terms | Privacy