darkcomet | 76ad742cdd3171559091f30f6483e23e3635c8b25e4edfa6b557ec92914502a5 | Triage

Submit
Reports

Overview

overview

Static

static

3

JaffaCakes...c2.exe

windows7-x64

JaffaCakes...c2.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_766960724e07eb982c982fc86a1141c2
Size

1.3MB
Sample

250116-pr6r5s1nhl
MD5

766960724e07eb982c982fc86a1141c2
SHA1

e481922d7fdec7634229d4c772136329173f238f
SHA256

76ad742cdd3171559091f30f6483e23e3635c8b25e4edfa6b557ec92914502a5
SHA512

dbfdecdb9e47014ad7da5008f5387a50909b6415520ab1c84a62fec64fce0b672a2250f81124bd586e1b8e7be874c3fb375adb4ebe4bcd1b0cac5e36896f791c
SSDEEP

24576:7eMXpgE2fp4KTdekeMXpgE2fp4KTde0YqoWfVeRhLh7hesvzRkoW:NXtsPXtsVYjWfWhLh7hVbRlW

Score

10^/10

darkcomet latentbot discovery persistence rat trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_766960724e07eb982c982fc86a1141c2.exe

Resource

win7-20240903-en

darkcomet latentbot discovery persistence rat trojan upx

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_766960724e07eb982c982fc86a1141c2.exe

Resource

win10v2004-20241007-en

darkcomet latentbot discovery persistence rat trojan upx

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Extracted

Family

latentbot

C2

gniewkowiec0359.zapto.org

Targets

- Target
  
  JaffaCakes118_766960724e07eb982c982fc86a1141c2
- Size
  
  1.3MB
- MD5
  
  766960724e07eb982c982fc86a1141c2
- SHA1
  
  e481922d7fdec7634229d4c772136329173f238f
- SHA256
  
  76ad742cdd3171559091f30f6483e23e3635c8b25e4edfa6b557ec92914502a5
- SHA512
  
  dbfdecdb9e47014ad7da5008f5387a50909b6415520ab1c84a62fec64fce0b672a2250f81124bd586e1b8e7be874c3fb375adb4ebe4bcd1b0cac5e36896f791c
- SSDEEP
  
  24576:7eMXpgE2fp4KTdekeMXpgE2fp4KTde0YqoWfVeRhLh7hesvzRkoW:NXtsPXtsVYjWfWhLh7hVbRlW
Score

10^/10

darkcomet latentbot discovery persistence rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- LatentBot
  Modular trojan written in Delphi which has been in-the-wild since 2013.
  trojan latentbot
- Latentbot family
  latentbot
- Modifies WinLogon for persistence
  persistence
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometlatentbotdiscoverypersistencerattrojanupx

behavioral2

darkcometlatentbotdiscoverypersistencerattrojanupx

© 2018-2025

Terms | Privacy