darkcomet | ad6fcf4a231bff5ee836db8c4bdf7ac98ba8a9413bb48453fbae5d632f95a39e | Triage

Sharing

General

Target

21fa71d137ed0a46c285779ca6b21621_JaffaCakes118
Size

1.2MB
Sample

240703-l83j9s1hjl
MD5

21fa71d137ed0a46c285779ca6b21621
SHA1

db1e622ea120cd641e22006a4751828068b1456f
SHA256

ad6fcf4a231bff5ee836db8c4bdf7ac98ba8a9413bb48453fbae5d632f95a39e
SHA512

4a705ef8df1456977a9abca809d61c9d812ede009544e49186a144b80009a971c3cf4f2fd6accf1c5d12d81cf49c46504d3ec8757164416210b39d484d8026ee
SSDEEP

24576:N9b43uulbFyueIFW2KFXAOzCQ9HSAUt9OCGTxJu9HyICQr:z4FFkIbK1zPJSAdTxEhVBr

Score

10^/10

darkcomet persistence rat trojan

Malware Config

Targets

- Target
  
  21fa71d137ed0a46c285779ca6b21621_JaffaCakes118
- Size
  
  1.2MB
- MD5
  
  21fa71d137ed0a46c285779ca6b21621
- SHA1
  
  db1e622ea120cd641e22006a4751828068b1456f
- SHA256
  
  ad6fcf4a231bff5ee836db8c4bdf7ac98ba8a9413bb48453fbae5d632f95a39e
- SHA512
  
  4a705ef8df1456977a9abca809d61c9d812ede009544e49186a144b80009a971c3cf4f2fd6accf1c5d12d81cf49c46504d3ec8757164416210b39d484d8026ee
- SSDEEP
  
  24576:N9b43uulbFyueIFW2KFXAOzCQ9HSAUt9OCGTxJu9HyICQr:z4FFkIbK1zPJSAdTxEhVBr
Score

10^/10

darkcomet persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scripting

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometpersistencerattrojan

behavioral2

darkcometpersistencerattrojan