darkcomet

General

Target

0b2a2fbd1f5941b400a499de24e812fe_JaffaCakes118
Size

1.0MB
Sample

240621-nn3qmsxhkh
MD5

0b2a2fbd1f5941b400a499de24e812fe
SHA1

1fa6e7eeef3c21f81c0dbcaf1c7b357418f374dd
SHA256

6b57825788918635e4fc926ada4c4003260e8614ce2301f326e65d30b9cdb25a
SHA512

351d71bc57e87cf2ed38b65f07863cf100fe5c264c3a32428b57eacc19859d0827b7398f6dd33bcdb60945fe65249399cf40be0a3d759e84869ab8d32e3c2b97
SSDEEP

24576:WyUysEI/X++Z2dsqZPdLDJQ4b9X5UEI//0hTibMtWOFKrbkq7rHxx8Na:WyUI8X+dZJJXj86TgOwr4qfxx8Na

Score

10^/10

Malware Config

Targets

- Target
  
  3D Theme.exe
- Size
  
  830KB
- MD5
  
  8e20c9c9132024b482b6676ba0d71516
- SHA1
  
  c7a54fdefe66306414fcf38b6067e7b34509b214
- SHA256
  
  784d77a9b54b38f08496c1baca5ee49aa99932b09a38c8e55cda1ab69dd4f07d
- SHA512
  
  04510e4064b5c016fd546a57d8a7cd5f7398a9d4d2c941b91a9d77186bf18407905c3575c5caf4c369c042c8147b40cdc024743801813603afa8638e208e00fa
- SSDEEP
  
  12288:QYkDkj4w/eiaqLAMucTVQ3NFuASR5fGSzexNkdeZyfALY0GLGdHXIXRw7Uy9IwHS:BkQj4wmia6VZVgFJxaf06+XIXRbhg+
Score

10^/10

darkcomet evasion persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  Patch.exe
- Size
  
  830KB
- MD5
  
  68d110e365c718b92a939d3f1e1ac4a9
- SHA1
  
  e3dfea3e9eb075702278ebee1f8115cb417467a5
- SHA256
  
  c81fdeaba81b16b7f6e1d08d2269ddb7d8ed6383c174438c72c27c5569190049
- SHA512
  
  271d46b35af607ef04e64b48da38503cd5dcfcc2f038742f3f0c94053c4f299722e1ec91f945179bf7f59e33dc46041d94c02f4dc1384d77e592add101418d3f
- SSDEEP
  
  24576:ZkdK4btrBpuBj3rwhJ/8ktkJilYBfX0+:ZkdxpBpuBTKSktkRlX0+
Score

10^/10

darkcomet evasion persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral3 behavioral4