darkcomet | 0ea12df170175a98f120d5a164166c23e653fa365bf0210b2afb390ca49c4212 | Triage

Sharing

General

Target

022c5069fda108892259bc8c69e7a156_JaffaCakes118
Size

992KB
Sample

240622-pylqjsycrc
MD5

022c5069fda108892259bc8c69e7a156
SHA1

0a207a85690444df224ea3fd0c798bbb87c2230e
SHA256

0ea12df170175a98f120d5a164166c23e653fa365bf0210b2afb390ca49c4212
SHA512

82979d4d2ce780da195c4fc667c422006e3bab5a143e410418fedc5289972097ee9dcfca6ac56f435f26ae5b2d6dc49566b7b55013a88397756a35a6a690ca25
SSDEEP

24576:/6N4QRDMo8xW2CBRzmFUShpZMAKDJGlrWv79j0V7efdv:/24wMZW9mF73aD2Sv7Fnlv

Score

10^/10

darkcomet rat trojan

Malware Config

Targets

- Target
  
  022c5069fda108892259bc8c69e7a156_JaffaCakes118
- Size
  
  992KB
- MD5
  
  022c5069fda108892259bc8c69e7a156
- SHA1
  
  0a207a85690444df224ea3fd0c798bbb87c2230e
- SHA256
  
  0ea12df170175a98f120d5a164166c23e653fa365bf0210b2afb390ca49c4212
- SHA512
  
  82979d4d2ce780da195c4fc667c422006e3bab5a143e410418fedc5289972097ee9dcfca6ac56f435f26ae5b2d6dc49566b7b55013a88397756a35a6a690ca25
- SSDEEP
  
  24576:/6N4QRDMo8xW2CBRzmFUShpZMAKDJGlrWv79j0V7efdv:/24wMZW9mF73aD2Sv7Fnlv
Score

10^/10

darkcomet rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

darkcometrattrojan

behavioral2

darkcometrattrojan