darkcomet | f906013f06983cb53b50c8fc99057d88a2ba18e89b601224a738a059ed508f36 | Triage

Submit
Reports

Overview

overview

Static

static

3

873de7055a...18.exe

windows7-x64

873de7055a...18.exe

windows10-2004-x64

Sharing

General

Target

873de7055a13ff974becb96df17c794d_JaffaCakes118
Size

1.2MB
Sample

241102-x3r25ashld
MD5

873de7055a13ff974becb96df17c794d
SHA1

33510f7c3b5b46a7728318f70bedb8ac38c4f41e
SHA256

f906013f06983cb53b50c8fc99057d88a2ba18e89b601224a738a059ed508f36
SHA512

824b29502c978b24a867d92a43aa030c4f773c1a0ff36f6ee6c9ec2f7d8d8bc7ffb4dc1a4ae31e7438177aeed0f1f958e0c36713d09a20722dc8fa578b8b0214
SSDEEP

12288:cRU5FD7S4NmkTSZ7GPFV/jtaFnAF5hl4DVGNNO4xJUVhfBncZPRhQdpueonditqD:LuyUsxj0nE4hAMfe+pOndinet

Score

10^/10

darkcomet discovery evasion rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

873de7055a13ff974becb96df17c794d_JaffaCakes118.exe

Resource

win7-20240903-en

darkcomet discovery evasion rat trojan

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

873de7055a13ff974becb96df17c794d_JaffaCakes118.exe

Resource

win10v2004-20241007-en

darkcomet discovery evasion rat trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  873de7055a13ff974becb96df17c794d_JaffaCakes118
- Size
  
  1.2MB
- MD5
  
  873de7055a13ff974becb96df17c794d
- SHA1
  
  33510f7c3b5b46a7728318f70bedb8ac38c4f41e
- SHA256
  
  f906013f06983cb53b50c8fc99057d88a2ba18e89b601224a738a059ed508f36
- SHA512
  
  824b29502c978b24a867d92a43aa030c4f773c1a0ff36f6ee6c9ec2f7d8d8bc7ffb4dc1a4ae31e7438177aeed0f1f958e0c36713d09a20722dc8fa578b8b0214
- SSDEEP
  
  12288:cRU5FD7S4NmkTSZ7GPFV/jtaFnAF5hl4DVGNNO4xJUVhfBncZPRhQdpueonditqD:LuyUsxj0nE4hAMfe+pOndinet
Score

10^/10

darkcomet discovery evasion rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Windows security bypass
  evasion trojan
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometdiscoveryevasionrattrojan

behavioral2

darkcometdiscoveryevasionrattrojan

© 2018-2024

Terms | Privacy