darkcomet | a8929b3d5c5a904027ada86379a74de93eb61eaee734eee53848220c8c220b69 | Triage

Sharing

General

Target

JaffaCakes118_b3df1761ad3b759e0759516bbcfc27c5
Size

1.6MB
Sample

250207-gyb74stjhp
MD5

b3df1761ad3b759e0759516bbcfc27c5
SHA1

ba9af5d9c407c527cc568421300302be09ebfdbe
SHA256

a8929b3d5c5a904027ada86379a74de93eb61eaee734eee53848220c8c220b69
SHA512

5ee8d97cd3a977f5bfc7c59b1199e1e8025a22e260328acd124d4dbd0b820a54332ef53a248fb9fe9139902fa57a2b43f28570dcbe4c347a99815150d028c2be
SSDEEP

49152:jhjcapo0JfYDSGvOsUhjcapo0JfYDSGvOs:V9lfYDSYW9lfYDSY

Score

10^/10

darkcomet discovery rat trojan

Malware Config

Targets

- Target
  
  JaffaCakes118_b3df1761ad3b759e0759516bbcfc27c5
- Size
  
  1.6MB
- MD5
  
  b3df1761ad3b759e0759516bbcfc27c5
- SHA1
  
  ba9af5d9c407c527cc568421300302be09ebfdbe
- SHA256
  
  a8929b3d5c5a904027ada86379a74de93eb61eaee734eee53848220c8c220b69
- SHA512
  
  5ee8d97cd3a977f5bfc7c59b1199e1e8025a22e260328acd124d4dbd0b820a54332ef53a248fb9fe9139902fa57a2b43f28570dcbe4c347a99815150d028c2be
- SSDEEP
  
  49152:jhjcapo0JfYDSGvOsUhjcapo0JfYDSGvOs:V9lfYDSYW9lfYDSY
Score

10^/10

darkcomet discovery rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometdiscoveryrattrojan

behavioral2

darkcometdiscoveryrattrojan