darkcomet | ac19c2544c4d3270c78bb284fd0dd4dd191bd12e4251f0ecc74ea2790bc42884 | Triage

Submit
Reports

Overview

overview

Static

static

3

8cef8d7045...18.exe

windows7-x64

8cef8d7045...18.exe

windows10-2004-x64

Sharing

General

Target

8cef8d70458de6b9435def470680d262_JaffaCakes118
Size

432KB
Sample

241103-xble9szpg1
MD5

8cef8d70458de6b9435def470680d262
SHA1

23d80bb815db7ceb6bce16875e845724d39112fa
SHA256

ac19c2544c4d3270c78bb284fd0dd4dd191bd12e4251f0ecc74ea2790bc42884
SHA512

b6bf3dcbb7afde6374c55b61ee23abaab1943b6e55e0b7a254bb7e9f22d166dc0e5a4dfeb17bbd6d11cdfcc6fd4a59ea0da041c0aec6881a53eefcb5af13835b
SSDEEP

12288:nRFj60qRr5jdVd9JyxtrpukNd4WQ8B/WMoylhC1YuX:K061dVx+3giWMJo1xX

Score

10^/10

darkcomet aspackv2 discovery rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

8cef8d70458de6b9435def470680d262_JaffaCakes118.exe

Resource

win7-20240903-en

darkcomet aspackv2 discovery rat trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

8cef8d70458de6b9435def470680d262_JaffaCakes118.exe

Resource

win10v2004-20241007-en

darkcomet aspackv2 discovery rat trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  8cef8d70458de6b9435def470680d262_JaffaCakes118
- Size
  
  432KB
- MD5
  
  8cef8d70458de6b9435def470680d262
- SHA1
  
  23d80bb815db7ceb6bce16875e845724d39112fa
- SHA256
  
  ac19c2544c4d3270c78bb284fd0dd4dd191bd12e4251f0ecc74ea2790bc42884
- SHA512
  
  b6bf3dcbb7afde6374c55b61ee23abaab1943b6e55e0b7a254bb7e9f22d166dc0e5a4dfeb17bbd6d11cdfcc6fd4a59ea0da041c0aec6881a53eefcb5af13835b
- SSDEEP
  
  12288:nRFj60qRr5jdVd9JyxtrpukNd4WQ8B/WMoylhC1YuX:K061dVx+3giWMJo1xX
Score

10^/10

darkcomet aspackv2 discovery rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometaspackv2discoveryrattrojan

behavioral2

darkcometaspackv2discoveryrattrojan

© 2018-2024

Terms | Privacy