darkcomet | 861f92d609337d71f42fc76fb3d344306f643c8b9210ae6425b84ed2d22bcfb7 | Triage

Submit
Reports

Overview

overview

Static

static

1ba0456f02...18.exe

windows7-x64

1ba0456f02...18.exe

windows10-2004-x64

Sharing

General

Target

1ba0456f02dbbdd234b252b82be91512_JaffaCakes118
Size

722KB
Sample

240701-rn3mesweka
MD5

1ba0456f02dbbdd234b252b82be91512
SHA1

a993ee407585ff47f59948ef7e7f2209374b087b
SHA256

861f92d609337d71f42fc76fb3d344306f643c8b9210ae6425b84ed2d22bcfb7
SHA512

4bcb623444eb4b9b607a5dd4976fa813008d79b49733645a52cc6a2337b05e03466d2b6042e1cf7827be468077bdab611723f226b67c26c4455ea7e3942150d3
SSDEEP

12288:4FLlJnnbWOtz6sVJhvaz1Qc/WdI//vfM4qwrbkniafLo6vUTyl0w/q9jJr2:Y3nbWmJVJFwSddIXvfhqbiaxvRxq9p2

Score

10^/10

darkcomet evasion rat trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

1ba0456f02dbbdd234b252b82be91512_JaffaCakes118.exe

Resource

win7-20240221-en

darkcomet evasion rat trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

1ba0456f02dbbdd234b252b82be91512_JaffaCakes118.exe

Resource

win10v2004-20240611-en

darkcomet evasion rat trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  1ba0456f02dbbdd234b252b82be91512_JaffaCakes118
- Size
  
  722KB
- MD5
  
  1ba0456f02dbbdd234b252b82be91512
- SHA1
  
  a993ee407585ff47f59948ef7e7f2209374b087b
- SHA256
  
  861f92d609337d71f42fc76fb3d344306f643c8b9210ae6425b84ed2d22bcfb7
- SHA512
  
  4bcb623444eb4b9b607a5dd4976fa813008d79b49733645a52cc6a2337b05e03466d2b6042e1cf7827be468077bdab611723f226b67c26c4455ea7e3942150d3
- SSDEEP
  
  12288:4FLlJnnbWOtz6sVJhvaz1Qc/WdI//vfM4qwrbkniafLo6vUTyl0w/q9jJr2:Y3nbWmJVJFwSddIXvfhqbiaxvRxq9p2
Score

10^/10

darkcomet evasion rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies firewall policy service
  evasion
- Modifies security service
  evasion
- Windows security bypass
  evasion trojan
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Windows security modification
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Modify Registry

Impair Defenses

Disable or Modify Tools

Disable or Modify System Firewall

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

darkcometevasionrattrojan

behavioral2

darkcometevasionrattrojan

© 2018-2024

Terms | Privacy