darkcomet | 952a8b918722a1c01fe28bf5399d5410ede22e48aab8f99a277266c31de9ff76 | Triage

Submit
Reports

Overview

overview

Static

static

f6d70f49f5...18.exe

windows7-x64

f6d70f49f5...18.exe

windows10-2004-x64

Sharing

General

Target

f6d70f49f5591a869286ebe73d8e6a7c_JaffaCakes118
Size

746KB
Sample

240417-3vslksac23
MD5

f6d70f49f5591a869286ebe73d8e6a7c
SHA1

446780aff428eb8f96b136e19c2a3f591b6c1c4f
SHA256

952a8b918722a1c01fe28bf5399d5410ede22e48aab8f99a277266c31de9ff76
SHA512

0a78c9015877c8c80bdaaf671d120098fba9abd1be9a07155e3528c1e901e88b7c3f38ae615524f39242c7c0d05010082c046918afb29e2e16edaf2189f64c03
SSDEEP

12288:Z6A84PaHhfD/tV9sj5NKR0pau9XGyu2qBVGLQyTPfh:8AmBpVKHu0Mu9Xo20VGLVP5

Score

10^/10

darkcomet evasion rat trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

f6d70f49f5591a869286ebe73d8e6a7c_JaffaCakes118.exe

Resource

win7-20240221-en

darkcomet evasion rat trojan

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

f6d70f49f5591a869286ebe73d8e6a7c_JaffaCakes118.exe

Resource

win10v2004-20240412-en

darkcomet evasion rat trojan

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  f6d70f49f5591a869286ebe73d8e6a7c_JaffaCakes118
- Size
  
  746KB
- MD5
  
  f6d70f49f5591a869286ebe73d8e6a7c
- SHA1
  
  446780aff428eb8f96b136e19c2a3f591b6c1c4f
- SHA256
  
  952a8b918722a1c01fe28bf5399d5410ede22e48aab8f99a277266c31de9ff76
- SHA512
  
  0a78c9015877c8c80bdaaf671d120098fba9abd1be9a07155e3528c1e901e88b7c3f38ae615524f39242c7c0d05010082c046918afb29e2e16edaf2189f64c03
- SSDEEP
  
  12288:Z6A84PaHhfD/tV9sj5NKR0pau9XGyu2qBVGLQyTPfh:8AmBpVKHu0Mu9Xo20VGLVP5
Score

10^/10

darkcomet evasion rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies firewall policy service
  evasion
- Modifies security service
  evasion
- Windows security bypass
  evasion trojan
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Windows security modification
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Modify Registry

Impair Defenses

Disable or Modify Tools

Hide Artifacts

Hidden Files and Directories

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

darkcometevasionrattrojan

behavioral2

darkcometevasionrattrojan

© 2018-2024

Terms | Privacy