darkcomet | 53e3a6c30a9afc46e68af8c105f43e199e139c422abb0e2bf0f51a6fb4c8ef48 | Triage

Sharing

General

Target

5a8968b14bc1e9c21add9021c89a2e2f_JaffaCakes118
Size

1.6MB
Sample

240719-fhkzmstcmj
MD5

5a8968b14bc1e9c21add9021c89a2e2f
SHA1

49a84fab07f42639255ed6effdba70cc1e44aff1
SHA256

53e3a6c30a9afc46e68af8c105f43e199e139c422abb0e2bf0f51a6fb4c8ef48
SHA512

15f6d18cd2d240e376690a4a3dff637a22d0a5026caa2662c8a59373d7475a2bef8b4380f4d740ac0cc6eb90c0f11bb8703364fd282e8ae8b67fe9e3aaf6d728
SSDEEP

24576:fpN7TsakOkW14dL7CVDCDjtCuriUsYRbgaUyURZaAxvMGq3bvt/LfA:Hoaq44dL7C5mNRDMxvM3bl/E

Score

10^/10

darkcomet evasion rat trojan

Malware Config

Targets

- Target
  
  5a8968b14bc1e9c21add9021c89a2e2f_JaffaCakes118
- Size
  
  1.6MB
- MD5
  
  5a8968b14bc1e9c21add9021c89a2e2f
- SHA1
  
  49a84fab07f42639255ed6effdba70cc1e44aff1
- SHA256
  
  53e3a6c30a9afc46e68af8c105f43e199e139c422abb0e2bf0f51a6fb4c8ef48
- SHA512
  
  15f6d18cd2d240e376690a4a3dff637a22d0a5026caa2662c8a59373d7475a2bef8b4380f4d740ac0cc6eb90c0f11bb8703364fd282e8ae8b67fe9e3aaf6d728
- SSDEEP
  
  24576:fpN7TsakOkW14dL7CVDCDjtCuriUsYRbgaUyURZaAxvMGq3bvt/LfA:Hoaq44dL7C5mNRDMxvM3bl/E
Score

10^/10

darkcomet evasion rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Drops file in Drivers directory
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Program crash
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometevasionrattrojan

behavioral2

darkcometevasionrattrojan