darkcomet | 531e345a9927e0f432901d647205acc7ff64680247450c5f3148e3efa49d6aa4 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

00d3f25a1010b35bfea355514182831f_JaffaCakes118
Size

723KB
Sample

240930-mcyf4szbrp
MD5

00d3f25a1010b35bfea355514182831f
SHA1

13e70d4b60bc745d86da1f8f853ca0dc29501467
SHA256

531e345a9927e0f432901d647205acc7ff64680247450c5f3148e3efa49d6aa4
SHA512

f7af890aa4996dc1d20c16fdae7c54d7fff16c1f6099cf6ed40675c08ba86efa47e75752b47db316b1b6a82bc6111ef598ce247dfd1976b4c1909be433c06521
SSDEEP

12288:fp9ioxg9b6PQhWfNpBzsH4Q8V5bF18Hri+AQqJ04MvcfZBhFM+QHHGE:fp97i9mPQgrmkhmGnQc04GcfZBrM/mE

Score

10^/10

darkcomet discovery evasion rat trojan

Malware Config

Targets

- Target
  
  00d3f25a1010b35bfea355514182831f_JaffaCakes118
- Size
  
  723KB
- MD5
  
  00d3f25a1010b35bfea355514182831f
- SHA1
  
  13e70d4b60bc745d86da1f8f853ca0dc29501467
- SHA256
  
  531e345a9927e0f432901d647205acc7ff64680247450c5f3148e3efa49d6aa4
- SHA512
  
  f7af890aa4996dc1d20c16fdae7c54d7fff16c1f6099cf6ed40675c08ba86efa47e75752b47db316b1b6a82bc6111ef598ce247dfd1976b4c1909be433c06521
- SSDEEP
  
  12288:fp9ioxg9b6PQhWfNpBzsH4Q8V5bF18Hri+AQqJ04MvcfZBhFM+QHHGE:fp97i9mPQgrmkhmGnQc04GcfZBrM/mE
Score

10^/10

darkcomet discovery evasion rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies firewall policy service
  evasion
- Modifies security service
  evasion
- Windows security bypass
  evasion trojan
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Windows security modification
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometdiscoveryevasionrattrojan

behavioral2