darkcomet | f977ef11e8cafc36f65eac224eb6beb3da9e210376f529ab193e55e9d9b689a4 | Triage

Submit
Reports

Overview

overview

Static

static

3

43f37415ce...18.exe

windows7-x64

43f37415ce...18.exe

windows10-2004-x64

Sharing

General

Target

43f37415ce56073c5259ee06325c9561_JaffaCakes118
Size

374KB
Sample

241014-yskqqsxerq
MD5

43f37415ce56073c5259ee06325c9561
SHA1

9a52363cc87982db4389e66afc23d3d5b19ca120
SHA256

f977ef11e8cafc36f65eac224eb6beb3da9e210376f529ab193e55e9d9b689a4
SHA512

23cd1519ce284497f5ff6155415ae5fc137ea4346490ddc48b4760f85350b680b9de8a7d7f46beb1587ba8e996fe4316c10c2fa5f4c09ae9bcaf923b3d42867a
SSDEEP

6144:CMjLpLlFnV2VsUqiifR55Aj4wWHA90EVb2/1T6LHcGQ2s8Yg6FxOp63RPE9YG8yH:vt8VtqiifjOj4wWcLbY6zRo8COpExgYG

Score

10^/10

darkcomet discovery persistence rat trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

43f37415ce56073c5259ee06325c9561_JaffaCakes118.exe

Resource

win7-20240708-en

darkcomet discovery persistence rat trojan upx

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

43f37415ce56073c5259ee06325c9561_JaffaCakes118.exe

Resource

win10v2004-20241007-en

darkcomet discovery persistence rat trojan upx

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  43f37415ce56073c5259ee06325c9561_JaffaCakes118
- Size
  
  374KB
- MD5
  
  43f37415ce56073c5259ee06325c9561
- SHA1
  
  9a52363cc87982db4389e66afc23d3d5b19ca120
- SHA256
  
  f977ef11e8cafc36f65eac224eb6beb3da9e210376f529ab193e55e9d9b689a4
- SHA512
  
  23cd1519ce284497f5ff6155415ae5fc137ea4346490ddc48b4760f85350b680b9de8a7d7f46beb1587ba8e996fe4316c10c2fa5f4c09ae9bcaf923b3d42867a
- SSDEEP
  
  6144:CMjLpLlFnV2VsUqiifR55Aj4wWHA90EVb2/1T6LHcGQ2s8Yg6FxOp63RPE9YG8yH:vt8VtqiifjOj4wWcLbY6zRo8COpExgYG
Score

10^/10

darkcomet discovery persistence rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometdiscoverypersistencerattrojanupx

behavioral2

darkcometdiscoverypersistencerattrojanupx

© 2018-2024

Terms | Privacy