darkcomet | d340f8163f599b8f52eda452caf625c2036db62d4eca7e5bca8f7b095a1edcde | Triage

Submit
Reports

Overview

overview

Static

static

1a466065bc...18.exe

windows7-x64

1a466065bc...18.exe

windows10-2004-x64

Sharing

General

Target

1a466065bc9997c4757e4739ed07fb42_JaffaCakes118
Size

243KB
Sample

240628-qle8nsvark
MD5

1a466065bc9997c4757e4739ed07fb42
SHA1

ede4dcfa02f62dd2f5de5e7987cbe64871ee2f66
SHA256

d340f8163f599b8f52eda452caf625c2036db62d4eca7e5bca8f7b095a1edcde
SHA512

e29cc862a941d667b0af0bb7c84815392bc9bc904e65d2ed0eb1de1bfcf216dd7e7e1579680bc1c2647a4e50aadaa9c57ba7e52fa55db284c5acd756e9fad077
SSDEEP

6144:QFLFE+xd3Fyprbf6ZJr8DPBUDthcOWpa0pBRi08Y6:QPd1kcF8NUDjcOWpaabis

Score

10^/10

darkcomet evasion persistence rat trojan upx

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

1a466065bc9997c4757e4739ed07fb42_JaffaCakes118.exe

Resource

win7-20240508-en

darkcomet evasion persistence rat trojan upx

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

1a466065bc9997c4757e4739ed07fb42_JaffaCakes118.exe

Resource

win10v2004-20240508-en

darkcomet evasion persistence rat trojan upx

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  1a466065bc9997c4757e4739ed07fb42_JaffaCakes118
- Size
  
  243KB
- MD5
  
  1a466065bc9997c4757e4739ed07fb42
- SHA1
  
  ede4dcfa02f62dd2f5de5e7987cbe64871ee2f66
- SHA256
  
  d340f8163f599b8f52eda452caf625c2036db62d4eca7e5bca8f7b095a1edcde
- SHA512
  
  e29cc862a941d667b0af0bb7c84815392bc9bc904e65d2ed0eb1de1bfcf216dd7e7e1579680bc1c2647a4e50aadaa9c57ba7e52fa55db284c5acd756e9fad077
- SSDEEP
  
  6144:QFLFE+xd3Fyprbf6ZJr8DPBUDthcOWpa0pBRi08Y6:QPd1kcF8NUDjcOWpaabis
Score

10^/10

darkcomet evasion persistence rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Windows security bypass
  evasion trojan
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Impair Defenses

Disable or Modify Tools

Hide Artifacts

Hidden Files and Directories

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

darkcometevasionpersistencerattrojanupx

behavioral2

darkcometevasionpersistencerattrojanupx

© 2018-2024

Terms | Privacy