darkcomet | 6a0ecc8419dff867270debf2367e20193258e2301cfcae8e94e4bc1da6f53d58 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6a0ecc8419dff867270debf2367e20193258e2301cfcae8e94e4bc1da6f53d58
Size

659KB
Sample

221003-hshndadhaq
MD5

4d3ab1638173459fe8c9192ebffa9ebb
SHA1

1a5bbaebf91ca1dd1fd55830eab5e62c78c4520f
SHA256

6a0ecc8419dff867270debf2367e20193258e2301cfcae8e94e4bc1da6f53d58
SHA512

c83d3e2c32729007e061870ded887a3a5ff18fa2c0622d2e016b79f3e467832e99db74c050bb7f0b9da4d7d5a904bd693f5c4d64afbf32d8038a27d2cc67ee80
SSDEEP

12288:h9AFlAd0Z+89cxTGzO4AucTD8QP2lmFSrVs9LqnKb:XAQ6Zx9cxTmOrucTIEFSpOG+

Score

10^/10

darkcomet evasion persistence rat trojan

Malware Config

Targets

- Target
  
  6a0ecc8419dff867270debf2367e20193258e2301cfcae8e94e4bc1da6f53d58
- Size
  
  659KB
- MD5
  
  4d3ab1638173459fe8c9192ebffa9ebb
- SHA1
  
  1a5bbaebf91ca1dd1fd55830eab5e62c78c4520f
- SHA256
  
  6a0ecc8419dff867270debf2367e20193258e2301cfcae8e94e4bc1da6f53d58
- SHA512
  
  c83d3e2c32729007e061870ded887a3a5ff18fa2c0622d2e016b79f3e467832e99db74c050bb7f0b9da4d7d5a904bd693f5c4d64afbf32d8038a27d2cc67ee80
- SSDEEP
  
  12288:h9AFlAd0Z+89cxTGzO4AucTD8QP2lmFSrVs9LqnKb:XAQ6Zx9cxTmOrucTIEFSpOG+
Score

10^/10

darkcomet evasion persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Modifies security service
  evasion
- Windows security bypass
  evasion trojan
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Deletes itself
- Adds Run key to start application
  persistence
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometevasionpersistencerattrojan

behavioral2

darkcometevasionpersistencerattrojan