darkcomet | c9080a002d0b7151f41a005e0cb56a124470b9325d10011c61ad153ad289b9ef | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c9080a002d0b7151f41a005e0cb56a124470b9325d10011c61ad153ad289b9ef
Size

881KB
Sample

221203-qhw21sda87
MD5

30c9749d1561d80b6bf9bb3089e68bf7
SHA1

420248d818c5b67f4dcdecd98034aec579b1faf6
SHA256

c9080a002d0b7151f41a005e0cb56a124470b9325d10011c61ad153ad289b9ef
SHA512

a33367137f33c69965498461afd1a4d6417659284a49f08ffabdb70bd1708be673f28047c695871338d6837b9f9ddcfe503565fd1ef7343ea20aa1e655fb0825
SSDEEP

12288:1TZUrhi6HEVrXSDhxQp8Oj3tzilONY71SSIeogqy2GFzxN78beVapW/Uu98:Xig6kVruhxy8ctzvu0JeogybeVadU8

Score

10^/10

darkcomet evasion persistence rat trojan

Malware Config

Targets

- Target
  
  c9080a002d0b7151f41a005e0cb56a124470b9325d10011c61ad153ad289b9ef
- Size
  
  881KB
- MD5
  
  30c9749d1561d80b6bf9bb3089e68bf7
- SHA1
  
  420248d818c5b67f4dcdecd98034aec579b1faf6
- SHA256
  
  c9080a002d0b7151f41a005e0cb56a124470b9325d10011c61ad153ad289b9ef
- SHA512
  
  a33367137f33c69965498461afd1a4d6417659284a49f08ffabdb70bd1708be673f28047c695871338d6837b9f9ddcfe503565fd1ef7343ea20aa1e655fb0825
- SSDEEP
  
  12288:1TZUrhi6HEVrXSDhxQp8Oj3tzilONY71SSIeogqy2GFzxN78beVapW/Uu98:Xig6kVruhxy8ctzvu0JeogybeVadU8
Score

10^/10

darkcomet evasion persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies firewall policy service
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometevasionpersistencerattrojan

behavioral2

darkcometevasionpersistencerattrojan