darkcomet | d72a399bdf5600d7abcd008ed5d37cbf71b08046702cd885fac3a0d33adea2da | Triage

Submit
Reports

Overview

overview

Static

static

3

5f71a28d2a...18.exe

windows7-x64

5f71a28d2a...18.exe

windows10-2004-x64

Sharing

General

Target

5f71a28d2a13a4ae52e629cbc623c6e9_JaffaCakes118
Size

1.3MB
Sample

241020-apz49azdqp
MD5

5f71a28d2a13a4ae52e629cbc623c6e9
SHA1

4303496525deacda6a89228561615e9bf9c5d8f2
SHA256

d72a399bdf5600d7abcd008ed5d37cbf71b08046702cd885fac3a0d33adea2da
SHA512

2f60353c3071ab303f9986be77992ce372ecebba08c4c8f682a82fab389931c1640423d4f7ae8b2686bf828e3a130de442a5b5925a1697375e289acf2995653a
SSDEEP

24576:Lmv86/nmFmu9FujCXCedRp3UVqGwAZs1EJ+OcKiu:LRwn9pCSWfEVqGrJji

Score

10^/10

darkcomet discovery rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

5f71a28d2a13a4ae52e629cbc623c6e9_JaffaCakes118.exe

Resource

win7-20240903-en

darkcomet discovery rat trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

5f71a28d2a13a4ae52e629cbc623c6e9_JaffaCakes118.exe

Resource

win10v2004-20241007-en

darkcomet discovery rat trojan

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  5f71a28d2a13a4ae52e629cbc623c6e9_JaffaCakes118
- Size
  
  1.3MB
- MD5
  
  5f71a28d2a13a4ae52e629cbc623c6e9
- SHA1
  
  4303496525deacda6a89228561615e9bf9c5d8f2
- SHA256
  
  d72a399bdf5600d7abcd008ed5d37cbf71b08046702cd885fac3a0d33adea2da
- SHA512
  
  2f60353c3071ab303f9986be77992ce372ecebba08c4c8f682a82fab389931c1640423d4f7ae8b2686bf828e3a130de442a5b5925a1697375e289acf2995653a
- SSDEEP
  
  24576:Lmv86/nmFmu9FujCXCedRp3UVqGwAZs1EJ+OcKiu:LRwn9pCSWfEVqGrJji
Score

10^/10

darkcomet discovery rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometdiscoveryrattrojan

behavioral2

darkcometdiscoveryrattrojan

© 2018-2025

Terms | Privacy