darkcomet | 15c909bd77da59968dc0755104c6f28ee18dcb7eeacda01473a91b4299a2ed56 | Triage

Sharing

General

Target

15c909bd77da59968dc0755104c6f28ee18dcb7eeacda01473a91b4299a2ed56
Size

732KB
Sample

220919-g648vsgbcr
MD5

ed6d9bf61e94797f9e2105c7748149d7
SHA1

5ef42267e9dec9347568755002f33bc080a92a6e
SHA256

15c909bd77da59968dc0755104c6f28ee18dcb7eeacda01473a91b4299a2ed56
SHA512

5ada3cc314df11638e471e8ebf8b1fa5383a1eb027a1a08f31a3e86aa7d7c5385c09fdb7abff3de3f928b70e5cf174254190a5bc8c4385e6ec077479e6183215
SSDEEP

12288:MpwABK90BOe/x9lPAYvxPQVjdsAY2XjWlnlpTMMXG91uhKIXn/:2wAcu99lPzvxP+Bsz2XjWTRMQckkIXn

Score

10^/10

darkcomet rat trojan

Malware Config

Targets

- Target
  
  15c909bd77da59968dc0755104c6f28ee18dcb7eeacda01473a91b4299a2ed56
- Size
  
  732KB
- MD5
  
  ed6d9bf61e94797f9e2105c7748149d7
- SHA1
  
  5ef42267e9dec9347568755002f33bc080a92a6e
- SHA256
  
  15c909bd77da59968dc0755104c6f28ee18dcb7eeacda01473a91b4299a2ed56
- SHA512
  
  5ada3cc314df11638e471e8ebf8b1fa5383a1eb027a1a08f31a3e86aa7d7c5385c09fdb7abff3de3f928b70e5cf174254190a5bc8c4385e6ec077479e6183215
- SSDEEP
  
  12288:MpwABK90BOe/x9lPAYvxPQVjdsAY2XjWlnlpTMMXG91uhKIXn/:2wAcu99lPzvxP+Bsz2XjWTRMQckkIXn
Score

10^/10

darkcomet rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometrattrojan

behavioral2

darkcometrattrojan