darkcomet | 43c1580313aa7402fa73a8765479800a6e5adc77e4fae6a573643d3b7163b1e3 | Triage

Sharing

General

Target

43c1580313aa7402fa73a8765479800a6e5adc77e4fae6a573643d3b7163b1e3
Size

757KB
Sample

220919-j1a4yabfck
MD5

5b6c2380d485e135ae0a557c411d9be3
SHA1

1a95c16d0e67926dc90dbfe333989331a1782f47
SHA256

43c1580313aa7402fa73a8765479800a6e5adc77e4fae6a573643d3b7163b1e3
SHA512

921f35f39e085ee297de57fe764a893e174f21e57a90ff8480b41ed435fb53e8e91e8086005eaee792c35de24c9af7c82de5b499c9b3da3ce4d1d2a98125833a
SSDEEP

12288:v9AFlAd0Z+89cxTGzO4AucTD8QP2lmFSrVs9LqnK7Qb:VAQ6Zx9cxTmOrucTIEFSpOGh

Score

10^/10

darkcomet evasion persistence rat trojan

Malware Config

Targets

- Target
  
  43c1580313aa7402fa73a8765479800a6e5adc77e4fae6a573643d3b7163b1e3
- Size
  
  757KB
- MD5
  
  5b6c2380d485e135ae0a557c411d9be3
- SHA1
  
  1a95c16d0e67926dc90dbfe333989331a1782f47
- SHA256
  
  43c1580313aa7402fa73a8765479800a6e5adc77e4fae6a573643d3b7163b1e3
- SHA512
  
  921f35f39e085ee297de57fe764a893e174f21e57a90ff8480b41ed435fb53e8e91e8086005eaee792c35de24c9af7c82de5b499c9b3da3ce4d1d2a98125833a
- SSDEEP
  
  12288:v9AFlAd0Z+89cxTGzO4AucTD8QP2lmFSrVs9LqnK7Qb:VAQ6Zx9cxTmOrucTIEFSpOGh
Score

10^/10

darkcomet evasion persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Modifies firewall policy service
  evasion
- Windows security bypass
  evasion trojan
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Deletes itself
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometevasionpersistencerattrojan

behavioral2

darkcometevasionpersistencerattrojan