darkcomet | 87c17d033b53cca26f96f6058b1629037c632fd036f2ec1c988846b0c08ceef8 | Triage

Submit
Reports

Overview

overview

Static

static

4f84afc78b...18.exe

windows7-x64

4f84afc78b...18.exe

windows10-2004-x64

Sharing

General

Target

4f84afc78b877412709a522bc52aefbf_JaffaCakes118
Size

389KB
Sample

240716-wy5xravbjq
MD5

4f84afc78b877412709a522bc52aefbf
SHA1

6518b24623cea124f9e954df4af260070b5ef4e2
SHA256

87c17d033b53cca26f96f6058b1629037c632fd036f2ec1c988846b0c08ceef8
SHA512

e36d2b7788d3cccf6f256a5e5bc0545b8dceb69f9197e76ea2b5008d24dc7b6437a05d82c735c50dcdf3f5f6d8fa1ac67f9edc10b8f8089c6d58935e11336423
SSDEEP

12288:AR72EqluswR45JTnaEY2Pupd8a2aRTiua:AR7uE4BaEY2Pt

Score

10^/10

darkcomet latentbot evasion persistence rat trojan upx

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

4f84afc78b877412709a522bc52aefbf_JaffaCakes118.exe

Resource

win7-20240708-en

darkcomet latentbot evasion persistence rat trojan upx

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

4f84afc78b877412709a522bc52aefbf_JaffaCakes118.exe

Resource

win10v2004-20240709-en

darkcomet latentbot evasion persistence rat trojan upx

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

latentbot

C2

backdoor2012.zapto.org

Targets

- Target
  
  4f84afc78b877412709a522bc52aefbf_JaffaCakes118
- Size
  
  389KB
- MD5
  
  4f84afc78b877412709a522bc52aefbf
- SHA1
  
  6518b24623cea124f9e954df4af260070b5ef4e2
- SHA256
  
  87c17d033b53cca26f96f6058b1629037c632fd036f2ec1c988846b0c08ceef8
- SHA512
  
  e36d2b7788d3cccf6f256a5e5bc0545b8dceb69f9197e76ea2b5008d24dc7b6437a05d82c735c50dcdf3f5f6d8fa1ac67f9edc10b8f8089c6d58935e11336423
- SSDEEP
  
  12288:AR72EqluswR45JTnaEY2Pupd8a2aRTiua:AR7uE4BaEY2Pt
Score

10^/10

darkcomet latentbot evasion persistence rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- LatentBot
  Modular trojan written in Delphi which has been in-the-wild since 2013.
  trojan latentbot
- Modifies WinLogon for persistence
  persistence
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometlatentbotevasionpersistencerattrojanupx

behavioral2

darkcometlatentbotevasionpersistencerattrojanupx

© 2018-2025

Terms | Privacy