darkcomet | b766489dbd8ea333756a1df022d1e851333618c199c41ecea3a67ea3a551ce27 | Triage

Submit
Reports

Overview

overview

Static

static

7

JaffaCakes...68.exe

windows7-x64

JaffaCakes...68.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_0191a36ed0090542a322d6ca3e3e0d68
Size

597KB
Sample

250121-devcssspcj
MD5

0191a36ed0090542a322d6ca3e3e0d68
SHA1

25792fd54f78dba5e5efa03114bcfea295913c05
SHA256

b766489dbd8ea333756a1df022d1e851333618c199c41ecea3a67ea3a551ce27
SHA512

6966dc9ebb651d520231a386fccb83558cf305c2e60960e34b0ceac095bae4ef72bbc401d096ee829c5d036ec513a3b4f7777cc8a1db40fd1ba0003986e7e6c6
SSDEEP

12288:we/IlIXY61W1ijMBY4GJm7RD6lxA6uSimnyHinmWo+dS64JIU9QZTNQA:3G612BY4Sm7RunA6uunUmmpTV9o

Score

10^/10

darkcomet discovery persistence rat trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_0191a36ed0090542a322d6ca3e3e0d68.exe

Resource

win7-20240903-en

darkcomet discovery persistence rat trojan

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_0191a36ed0090542a322d6ca3e3e0d68.exe

Resource

win10v2004-20241007-en

darkcomet discovery persistence rat trojan

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Targets

- Target
  
  JaffaCakes118_0191a36ed0090542a322d6ca3e3e0d68
- Size
  
  597KB
- MD5
  
  0191a36ed0090542a322d6ca3e3e0d68
- SHA1
  
  25792fd54f78dba5e5efa03114bcfea295913c05
- SHA256
  
  b766489dbd8ea333756a1df022d1e851333618c199c41ecea3a67ea3a551ce27
- SHA512
  
  6966dc9ebb651d520231a386fccb83558cf305c2e60960e34b0ceac095bae4ef72bbc401d096ee829c5d036ec513a3b4f7777cc8a1db40fd1ba0003986e7e6c6
- SSDEEP
  
  12288:we/IlIXY61W1ijMBY4GJm7RD6lxA6uSimnyHinmWo+dS64JIU9QZTNQA:3G612BY4Sm7RunA6uunUmmpTV9o
Score

10^/10

darkcomet discovery persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Modifies WinLogon for persistence
  persistence
- Blocklisted process makes network request
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Molebox Virtualization software
  Detects file using Molebox Virtualization software.
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometdiscoverypersistencerattrojan

behavioral2

darkcometdiscoverypersistencerattrojan

© 2018-2025

Terms | Privacy