darkcomet | 25b9faa0e98219baa584af25043ae37184dc2ab41e30da04f54e0afde2d55c59 | Triage

Submit
Reports

Overview

overview

Static

static

7

e912f3304a...18.exe

windows7-x64

e912f3304a...18.exe

windows10-2004-x64

Sharing

General

Target

e912f3304ad024cd5f372e9841dca40e_JaffaCakes118
Size

302KB
Sample

240918-n8ngfszbmb
MD5

e912f3304ad024cd5f372e9841dca40e
SHA1

6143abd6ae53f88316c3c8b6b8e0a276b350caba
SHA256

25b9faa0e98219baa584af25043ae37184dc2ab41e30da04f54e0afde2d55c59
SHA512

b02724ff3663ca5aa3c7dba9745b04da6123dd7b21e6992a7739f0d8d552e85b116afc54b5fc3d757a821111d63886750f2c32087f657251a4cf54110cd93888
SSDEEP

6144:Aa5jVb60xGvzi4h9XyVyeyD4OQPC4i6mjdee7gkXwztrgUffoS9j:A4jVb60V4CyyPYjdP7gkgzpgUXoS

Score

10^/10

darkcomet latentbot discovery persistence rat trojan upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

e912f3304ad024cd5f372e9841dca40e_JaffaCakes118.exe

Resource

win7-20240903-en

darkcomet latentbot discovery persistence rat trojan upx

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

e912f3304ad024cd5f372e9841dca40e_JaffaCakes118.exe

Resource

win10v2004-20240802-en

darkcomet latentbot discovery persistence rat trojan upx

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

latentbot

C2

pertenemene.zapto.org

Targets

- Target
  
  e912f3304ad024cd5f372e9841dca40e_JaffaCakes118
- Size
  
  302KB
- MD5
  
  e912f3304ad024cd5f372e9841dca40e
- SHA1
  
  6143abd6ae53f88316c3c8b6b8e0a276b350caba
- SHA256
  
  25b9faa0e98219baa584af25043ae37184dc2ab41e30da04f54e0afde2d55c59
- SHA512
  
  b02724ff3663ca5aa3c7dba9745b04da6123dd7b21e6992a7739f0d8d552e85b116afc54b5fc3d757a821111d63886750f2c32087f657251a4cf54110cd93888
- SSDEEP
  
  6144:Aa5jVb60xGvzi4h9XyVyeyD4OQPC4i6mjdee7gkXwztrgUffoS9j:A4jVb60V4CyyPYjdP7gkgzpgUXoS
Score

10^/10

darkcomet latentbot discovery persistence rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- LatentBot
  Modular trojan written in Delphi which has been in-the-wild since 2013.
  trojan latentbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometlatentbotdiscoverypersistencerattrojanupx

behavioral2

darkcometlatentbotdiscoverypersistencerattrojanupx

© 2018-2024

Terms | Privacy