darkcomet | 3d2321a32bb4b343b3d2bfd88485fb7bfa4d2bbb3706478cf0a136c03e770cbc | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

67335e841f...18.exe

windows7-x64

67335e841f...18.exe

windows10-2004-x64

Sharing

General

Target

67335e841fc21e63098b0a32d295e30d_JaffaCakes118
Size

1012KB
Sample

240723-mg2pbs1crf
MD5

67335e841fc21e63098b0a32d295e30d
SHA1

27bade2855683b409ee994e69b20599683ab07bf
SHA256

3d2321a32bb4b343b3d2bfd88485fb7bfa4d2bbb3706478cf0a136c03e770cbc
SHA512

37853aecb67696673abe1579b498c77cb3b4cfd6193394ce140aff4ceac8bda2450b719c913101618e4453d4ed1983160e23930fca2a5bd34c3c0ad76906ce47
SSDEEP

24576:9vXCPhdAB9yG+iua3FT7pUSdRrHIQ7YhFB5rj:96pi9yv7fAa

Score

10^/10

darkcomet latentbot evasion persistence rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

67335e841fc21e63098b0a32d295e30d_JaffaCakes118.exe

Resource

win7-20240704-en

darkcomet latentbot evasion persistence rat trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

67335e841fc21e63098b0a32d295e30d_JaffaCakes118.exe

Resource

win10v2004-20240709-en

darkcomet latentbot evasion persistence rat trojan

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

latentbot

C2

deuscrypter.zapto.org

Targets

- Target
  
  67335e841fc21e63098b0a32d295e30d_JaffaCakes118
- Size
  
  1012KB
- MD5
  
  67335e841fc21e63098b0a32d295e30d
- SHA1
  
  27bade2855683b409ee994e69b20599683ab07bf
- SHA256
  
  3d2321a32bb4b343b3d2bfd88485fb7bfa4d2bbb3706478cf0a136c03e770cbc
- SHA512
  
  37853aecb67696673abe1579b498c77cb3b4cfd6193394ce140aff4ceac8bda2450b719c913101618e4453d4ed1983160e23930fca2a5bd34c3c0ad76906ce47
- SSDEEP
  
  24576:9vXCPhdAB9yG+iua3FT7pUSdRrHIQ7YhFB5rj:96pi9yv7fAa
Score

10^/10

darkcomet latentbot evasion persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- LatentBot
  Modular trojan written in Delphi which has been in-the-wild since 2013.
  trojan latentbot
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometlatentbotevasionpersistencerattrojan

behavioral2

darkcometlatentbotevasionpersistencerattrojan

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.