darkcomet | 34c4ff065e80c5e17cf4e0f4480f2fb6b5afc4f415b58e71fcae806d07d5bdc8 | Triage

Submit
Reports

Overview

overview

Static

static

3

f5d6fabdf2...18.exe

windows7-x64

f5d6fabdf2...18.exe

windows10-2004-x64

Sharing

General

Target

f5d6fabdf2ce47f0f48b805a755aa3ce_JaffaCakes118
Size

787KB
Sample

240417-qchbnsgf35
MD5

f5d6fabdf2ce47f0f48b805a755aa3ce
SHA1

7bd3331a8767d521834f1cec7336b3e3737f2b51
SHA256

34c4ff065e80c5e17cf4e0f4480f2fb6b5afc4f415b58e71fcae806d07d5bdc8
SHA512

d86447379bada627104f51c6e2b094c9c4a083851084e456c11297c6328870c659cdf8c8b57b4872f218c4a8b1a18b7a1f5a3d8eecf4988f3f43bfbaf5c95c66
SSDEEP

24576:kICfeW5asHSJ+NGbwzv5ekgIr6Y5icriYi4/:rCfeW5asyYqyv9gImFYia

Score

10^/10

darkcomet evasion rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

f5d6fabdf2ce47f0f48b805a755aa3ce_JaffaCakes118.exe

Resource

win7-20231129-en

darkcomet evasion rat trojan

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

f5d6fabdf2ce47f0f48b805a755aa3ce_JaffaCakes118.exe

Resource

win10v2004-20240412-en

darkcomet evasion rat trojan

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  f5d6fabdf2ce47f0f48b805a755aa3ce_JaffaCakes118
- Size
  
  787KB
- MD5
  
  f5d6fabdf2ce47f0f48b805a755aa3ce
- SHA1
  
  7bd3331a8767d521834f1cec7336b3e3737f2b51
- SHA256
  
  34c4ff065e80c5e17cf4e0f4480f2fb6b5afc4f415b58e71fcae806d07d5bdc8
- SHA512
  
  d86447379bada627104f51c6e2b094c9c4a083851084e456c11297c6328870c659cdf8c8b57b4872f218c4a8b1a18b7a1f5a3d8eecf4988f3f43bfbaf5c95c66
- SSDEEP
  
  24576:kICfeW5asHSJ+NGbwzv5ekgIr6Y5icriYi4/:rCfeW5asyYqyv9gImFYia
Score

10^/10

darkcomet evasion rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies firewall policy service
  evasion
- Modifies security service
  evasion
- Windows security bypass
  evasion trojan
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Windows security modification
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometevasionrattrojan

behavioral2

darkcometevasionrattrojan

© 2018-2024

Terms | Privacy