darkcomet | 22958ccd515d58690de6f31678ad466571318066c63bb714154e724010a94eb0 | Triage

Sharing

General

Target

ab06a58820fc4737bf0f2d0964b41083_JaffaCakes118
Size

747KB
Sample

240819-pnxp3axdnm
MD5

ab06a58820fc4737bf0f2d0964b41083
SHA1

efd19604663c07542ffee9101ef78a1c072ffe05
SHA256

22958ccd515d58690de6f31678ad466571318066c63bb714154e724010a94eb0
SHA512

4eb76333d568392dd16733d6acecb16a49eeaf601534b6364f84ddb93eb890ae527dde81400cd23094c3f9d39023e41403b64b458fe7d4417179c21c24abf9f0
SSDEEP

12288:46A84PaHhfD/tV9sj5NKR0pau9XGyu2qBVGLQyTPfhcSsvv:9AmBpVKHu0Mu9Xo20VGLVP5Yvv

Score

10^/10

darkcomet discovery evasion persistence rat trojan

Malware Config

Targets

- Target
  
  ab06a58820fc4737bf0f2d0964b41083_JaffaCakes118
- Size
  
  747KB
- MD5
  
  ab06a58820fc4737bf0f2d0964b41083
- SHA1
  
  efd19604663c07542ffee9101ef78a1c072ffe05
- SHA256
  
  22958ccd515d58690de6f31678ad466571318066c63bb714154e724010a94eb0
- SHA512
  
  4eb76333d568392dd16733d6acecb16a49eeaf601534b6364f84ddb93eb890ae527dde81400cd23094c3f9d39023e41403b64b458fe7d4417179c21c24abf9f0
- SSDEEP
  
  12288:46A84PaHhfD/tV9sj5NKR0pau9XGyu2qBVGLQyTPfhcSsvv:9AmBpVKHu0Mu9Xo20VGLVP5Yvv
Score

10^/10

darkcomet discovery evasion persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometdiscoveryevasionpersistencerattrojan

behavioral2

darkcometdiscoveryevasionpersistencerattrojan