darkcomet | 351b67cd53a80350ea7d34f069e85a2e4cb4d8050ef00f1e4a994f04326c78af | Triage

Submit
Reports

Overview

overview

Static

static

3

1f36ae9c54...18.exe

windows7-x64

1f36ae9c54...18.exe

windows10-2004-x64

Sharing

General

Target

1f36ae9c549463f85413f1f79c0c5886_JaffaCakes118
Size

630KB
Sample

240702-nwghdavcnp
MD5

1f36ae9c549463f85413f1f79c0c5886
SHA1

d4c413853c03dd17acaada4c1d46195e57cb9017
SHA256

351b67cd53a80350ea7d34f069e85a2e4cb4d8050ef00f1e4a994f04326c78af
SHA512

e54ac588bcba670fe0d3dbbf21768cfa2c1af799c4fc9d2f16d01efbb0697fbf63eaa7ae16ac26e1ef31a1cb247eb6ce63f923dab0ab0d9efe9d3db20852b76c
SSDEEP

12288:v5kJ7Mj7pvwIQRdVoZ9NVlfndzfiX6gIGPQG+U:v5C4jVvW89N7fndzfpgFQG+

Score

10^/10

darkcomet persistence rat trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

1f36ae9c549463f85413f1f79c0c5886_JaffaCakes118.exe

Resource

win7-20240508-en

darkcomet persistence rat trojan upx

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

1f36ae9c549463f85413f1f79c0c5886_JaffaCakes118.exe

Resource

win10v2004-20240611-en

darkcomet persistence rat trojan upx

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  1f36ae9c549463f85413f1f79c0c5886_JaffaCakes118
- Size
  
  630KB
- MD5
  
  1f36ae9c549463f85413f1f79c0c5886
- SHA1
  
  d4c413853c03dd17acaada4c1d46195e57cb9017
- SHA256
  
  351b67cd53a80350ea7d34f069e85a2e4cb4d8050ef00f1e4a994f04326c78af
- SHA512
  
  e54ac588bcba670fe0d3dbbf21768cfa2c1af799c4fc9d2f16d01efbb0697fbf63eaa7ae16ac26e1ef31a1cb247eb6ce63f923dab0ab0d9efe9d3db20852b76c
- SSDEEP
  
  12288:v5kJ7Mj7pvwIQRdVoZ9NVlfndzfiX6gIGPQG+U:v5C4jVvW89N7fndzfpgFQG+
Score

10^/10

darkcomet persistence rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scripting

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

darkcometpersistencerattrojanupx

behavioral2

darkcometpersistencerattrojanupx

© 2018-2024

Terms | Privacy