darkcomet | 668bea6440d7fd00d66634d52a81c74f6adce39cbb23941d5387c1864f5084f2 | Triage

Sharing

General

Target

JaffaCakes118_14f20e80c9c0b26ac7ec19a031e04f44
Size

773KB
Sample

250123-h738mazper
MD5

14f20e80c9c0b26ac7ec19a031e04f44
SHA1

a5321cf59576ff953507f18e06d88de66dd28a55
SHA256

668bea6440d7fd00d66634d52a81c74f6adce39cbb23941d5387c1864f5084f2
SHA512

41750f106ed747a5a5d94104d6594619b9e48bff3150cc34f698040ed3057935072bbdd496213513431747d2a02a181ec82dc22eb0ac6ad1691dcd5705ef29e2
SSDEEP

12288:4nEz6xzUj4DAXf7iD0LqRPLWXt1HOXoKxRDgTEN7mxj6lEicQnTmx/wr1k2EO24g:4aP7ii59Y8wZkR34B+OJaXKLTPuEtO

Score

10^/10

darkcomet hawkeye discovery keylogger persistence rat spyware stealer trojan

Malware Config

Targets

- Target
  
  JaffaCakes118_14f20e80c9c0b26ac7ec19a031e04f44
- Size
  
  773KB
- MD5
  
  14f20e80c9c0b26ac7ec19a031e04f44
- SHA1
  
  a5321cf59576ff953507f18e06d88de66dd28a55
- SHA256
  
  668bea6440d7fd00d66634d52a81c74f6adce39cbb23941d5387c1864f5084f2
- SHA512
  
  41750f106ed747a5a5d94104d6594619b9e48bff3150cc34f698040ed3057935072bbdd496213513431747d2a02a181ec82dc22eb0ac6ad1691dcd5705ef29e2
- SSDEEP
  
  12288:4nEz6xzUj4DAXf7iD0LqRPLWXt1HOXoKxRDgTEN7mxj6lEicQnTmx/wr1k2EO24g:4aP7ii59Y8wZkR34B+OJaXKLTPuEtO
Score

10^/10

darkcomet hawkeye discovery keylogger persistence rat spyware stealer trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- HawkEye
  HawkEye is a malware kit that has seen continuous development since at least 2013.
  keylogger trojan stealer spyware hawkeye
- Hawkeye family
  hawkeye
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcomethawkeyediscoverykeyloggerpersistenceratspywarestealertrojan

behavioral2

hawkeyediscoverykeyloggerpersistencespywarestealertrojan