darkcomet | 0985f6dee6b78ecad2d409776ef1fa5a1910355d0c2fd75507361ef42f0e15e0 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

669a8820f42031e50a160933f8562201_JaffaCakes118
Size

1.2MB
Sample

240723-hyll8atcpb
MD5

669a8820f42031e50a160933f8562201
SHA1

83aaccd7330ed876b0ff2362c3a9b5744759ce2d
SHA256

0985f6dee6b78ecad2d409776ef1fa5a1910355d0c2fd75507361ef42f0e15e0
SHA512

a108dfd367613d7f5e453227a7ac9293214e61e8545bb6565ec4a2bfc4038018f7cd8de3b470cf67e315a8f523df15adbd23b547667b6d77de8e9378b835f8d3
SSDEEP

24576:dweJp94oubd7seByJ3y0n2BZieWEIefGf11rWHT1MYpVknRNZI9AK:dzj4oAvMCIX9A5

Score

10^/10

darkcomet evasion persistence rat trojan

Malware Config

Targets

- Target
  
  669a8820f42031e50a160933f8562201_JaffaCakes118
- Size
  
  1.2MB
- MD5
  
  669a8820f42031e50a160933f8562201
- SHA1
  
  83aaccd7330ed876b0ff2362c3a9b5744759ce2d
- SHA256
  
  0985f6dee6b78ecad2d409776ef1fa5a1910355d0c2fd75507361ef42f0e15e0
- SHA512
  
  a108dfd367613d7f5e453227a7ac9293214e61e8545bb6565ec4a2bfc4038018f7cd8de3b470cf67e315a8f523df15adbd23b547667b6d77de8e9378b835f8d3
- SSDEEP
  
  24576:dweJp94oubd7seByJ3y0n2BZieWEIefGf11rWHT1MYpVknRNZI9AK:dzj4oAvMCIX9A5
Score

10^/10

darkcomet evasion persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Uses the VBS compiler for execution
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scripting

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometevasionpersistencerattrojan

behavioral2

darkcometevasionpersistencerattrojan