darkcomet | 97329752b4a2f48fed6e10ec54492c31413fe7148bfe6152bffe49ab4a9c7246 | Triage

Submit
Reports

Overview

overview

Static

static

3

07e44ffcff...18.exe

windows7-x64

07e44ffcff...18.exe

windows10-2004-x64

Sharing

General

Target

07e44ffcffde46ad96eb9c018bed6193_JaffaCakes118
Size

888KB
Sample

240429-ryv1bsdc9s
MD5

07e44ffcffde46ad96eb9c018bed6193
SHA1

43ebee608da73cdc476c773284d1257a4d6fe8ff
SHA256

97329752b4a2f48fed6e10ec54492c31413fe7148bfe6152bffe49ab4a9c7246
SHA512

ec70827ae4267a2340ece89224dd26c98301c64d972d768ff462d8ee84397b8f0571d50afda71b8982fa76ccb88ef7d282d9a7d0e1f31a43c06c6c243c7025e8
SSDEEP

12288:kuOG1pSLsBKa0BBmzmBoJCcsk6TtXGLErHeSVT2j7UyAi46qYIYnnqno8Fyhm0BO:P1UvBqmaJWXTtFrt2XOi46qYICKbCV

Score

10^/10

darkcomet rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

07e44ffcffde46ad96eb9c018bed6193_JaffaCakes118.exe

Resource

win7-20240220-en

darkcomet rat trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

07e44ffcffde46ad96eb9c018bed6193_JaffaCakes118.exe

Resource

win10v2004-20240419-en

darkcomet rat trojan

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  07e44ffcffde46ad96eb9c018bed6193_JaffaCakes118
- Size
  
  888KB
- MD5
  
  07e44ffcffde46ad96eb9c018bed6193
- SHA1
  
  43ebee608da73cdc476c773284d1257a4d6fe8ff
- SHA256
  
  97329752b4a2f48fed6e10ec54492c31413fe7148bfe6152bffe49ab4a9c7246
- SHA512
  
  ec70827ae4267a2340ece89224dd26c98301c64d972d768ff462d8ee84397b8f0571d50afda71b8982fa76ccb88ef7d282d9a7d0e1f31a43c06c6c243c7025e8
- SSDEEP
  
  12288:kuOG1pSLsBKa0BBmzmBoJCcsk6TtXGLErHeSVT2j7UyAi46qYIYnnqno8Fyhm0BO:P1UvBqmaJWXTtFrt2XOi46qYICKbCV
Score

10^/10

darkcomet rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometrattrojan

behavioral2

darkcometrattrojan

© 2018-2024

Terms | Privacy