darkcomet | 9fe0b3c48c9b0b6d03ad8e14a2d4ab4aeb1afe8d927bb0d7ff70dc3afed9fb51 | Triage

Sharing

General

Target

1b99e4e8dab8b3569e38c909599c7667_JaffaCakes118
Size

756KB
Sample

241007-flqdjaxbpr
MD5

1b99e4e8dab8b3569e38c909599c7667
SHA1

4bf79011dbbd8b52f022f4e9924ea5735e9e2a8a
SHA256

9fe0b3c48c9b0b6d03ad8e14a2d4ab4aeb1afe8d927bb0d7ff70dc3afed9fb51
SHA512

9432cf589db2d6ec7fa9b06eb2586c2480acf6a0eb3f64a1530140299ecd73bb2aa6324a3c7e41e49efa2d1642b49878bcb86926701b164eecfcacb11bc830d6
SSDEEP

12288:A9AFlAd0Z+89cxTGzO4AucTD8QP2lmFSrVs9LqnKFqMd0QZh9u:mAQ6Zx9cxTmOrucTIEFSpOGkD0QZh9u

Score

10^/10

darkcomet discovery evasion rat trojan

Malware Config

Targets

- Target
  
  1b99e4e8dab8b3569e38c909599c7667_JaffaCakes118
- Size
  
  756KB
- MD5
  
  1b99e4e8dab8b3569e38c909599c7667
- SHA1
  
  4bf79011dbbd8b52f022f4e9924ea5735e9e2a8a
- SHA256
  
  9fe0b3c48c9b0b6d03ad8e14a2d4ab4aeb1afe8d927bb0d7ff70dc3afed9fb51
- SHA512
  
  9432cf589db2d6ec7fa9b06eb2586c2480acf6a0eb3f64a1530140299ecd73bb2aa6324a3c7e41e49efa2d1642b49878bcb86926701b164eecfcacb11bc830d6
- SSDEEP
  
  12288:A9AFlAd0Z+89cxTGzO4AucTD8QP2lmFSrVs9LqnKFqMd0QZh9u:mAQ6Zx9cxTmOrucTIEFSpOGkD0QZh9u
Score

10^/10

darkcomet discovery evasion rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies firewall policy service
  evasion
- Modifies security service
  evasion
- Windows security bypass
  evasion trojan
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Windows security modification
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometdiscoveryevasionrattrojan

behavioral2

darkcometdiscoveryevasionrattrojan