darkcomet | 64e971ca34fbd907e30392889d8a05e1a7bdccc237d198b3906643761fd3a0c1 | Triage

Submit
Reports

Overview

overview

Static

static

1a16af0922...18.exe

windows7-x64

1a16af0922...18.exe

windows10-2004-x64

Sharing

General

Target

1a16af0922dd982139bf3eac3721480e_JaffaCakes118
Size

660KB
Sample

240628-pgvbcsyfqc
MD5

1a16af0922dd982139bf3eac3721480e
SHA1

d97bf367d95b3140eec77221311c3806eac9f00d
SHA256

64e971ca34fbd907e30392889d8a05e1a7bdccc237d198b3906643761fd3a0c1
SHA512

5ad04f5a1512273e4dcdd5df579a3c8be0404c979fa773e504de03cda2b4eb39222eee84cd7751d4b5fad33a1ba40afe2d708c2ab7ecd6e4a9028bbd79b7bdad
SSDEEP

12288:QXhpvNWw276S/DuoeFcfbmiJ99VPhYR5MTSHvLenELrWv1lZw4JuXksh/fy452Us:2nAw2WWeFcfbP9VPSPMTSPL/rWvzq4Jh

Score

10^/10

darkcomet persistence rat trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

1a16af0922dd982139bf3eac3721480e_JaffaCakes118.exe

Resource

win7-20240611-en

darkcomet persistence rat trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

1a16af0922dd982139bf3eac3721480e_JaffaCakes118.exe

Resource

win10v2004-20240611-en

darkcomet persistence rat trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  1a16af0922dd982139bf3eac3721480e_JaffaCakes118
- Size
  
  660KB
- MD5
  
  1a16af0922dd982139bf3eac3721480e
- SHA1
  
  d97bf367d95b3140eec77221311c3806eac9f00d
- SHA256
  
  64e971ca34fbd907e30392889d8a05e1a7bdccc237d198b3906643761fd3a0c1
- SHA512
  
  5ad04f5a1512273e4dcdd5df579a3c8be0404c979fa773e504de03cda2b4eb39222eee84cd7751d4b5fad33a1ba40afe2d708c2ab7ecd6e4a9028bbd79b7bdad
- SSDEEP
  
  12288:QXhpvNWw276S/DuoeFcfbmiJ99VPhYR5MTSHvLenELrWv1lZw4JuXksh/fy452Us:2nAw2WWeFcfbP9VPSPMTSPL/rWvzq4Jh
Score

10^/10

darkcomet persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

darkcometpersistencerattrojan

behavioral2

darkcometpersistencerattrojan

© 2018-2024

Terms | Privacy