darkcomet | c5ba9e37c0074db170b67a7aaee205ef5c42860afb7b2ba39c48f817439c1d30 | Triage

Submit
Reports

Overview

overview

Static

static

3

20291e95a7...18.exe

windows7-x64

20291e95a7...18.exe

windows10-2004-x64

3

Sharing

General

Target

20291e95a785699a6d8984ad5c007a7d_JaffaCakes118
Size

699KB
Sample

240702-vsm93sxarj
MD5

20291e95a785699a6d8984ad5c007a7d
SHA1

5235fd1e13ae7d352881fec0d67364b171592634
SHA256

c5ba9e37c0074db170b67a7aaee205ef5c42860afb7b2ba39c48f817439c1d30
SHA512

dbab86649ce5d764584b3a0f9943f82d146be577a67ec0259ca097841fe57ba67d9843cebc4e7b46a57b77759e33a243e81b0b9043515af0fe7e04121ae07464
SSDEEP

12288:0NcbhMgr6HwUAJXFKgPR0xH/6G0znMXbXfF32ikcb/ySis065Tbot2H0SNk1:0N6hfGuXPM/HCqbXt3rlbKSis0sb/HNi

Score

10^/10

darkcomet persistence rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

20291e95a785699a6d8984ad5c007a7d_JaffaCakes118.exe

Resource

win7-20240611-en

darkcomet persistence rat trojan

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

20291e95a785699a6d8984ad5c007a7d_JaffaCakes118.exe

Resource

win10v2004-20240611-en

windows10-2004-x64

2 signatures

150 seconds

Malware Config

Targets

- Target
  
  20291e95a785699a6d8984ad5c007a7d_JaffaCakes118
- Size
  
  699KB
- MD5
  
  20291e95a785699a6d8984ad5c007a7d
- SHA1
  
  5235fd1e13ae7d352881fec0d67364b171592634
- SHA256
  
  c5ba9e37c0074db170b67a7aaee205ef5c42860afb7b2ba39c48f817439c1d30
- SHA512
  
  dbab86649ce5d764584b3a0f9943f82d146be577a67ec0259ca097841fe57ba67d9843cebc4e7b46a57b77759e33a243e81b0b9043515af0fe7e04121ae07464
- SSDEEP
  
  12288:0NcbhMgr6HwUAJXFKgPR0xH/6G0znMXbXfF32ikcb/ySis065Tbot2H0SNk1:0N6hfGuXPM/HCqbXt3rlbKSis0sb/HNi
Score

10^/10

darkcomet persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

darkcometpersistencerattrojan

behavioral2

© 2018-2024

Terms | Privacy