darkcomet | e3a4240a3c3a0739560d095c821c33a3545f207b2de2c4cbffa8153ee5ad611b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2ad65cafb88d831d64eeafcf53681bd9_JaffaCakes118
Size

877KB
Sample

241009-e4hkza1dlb
MD5

2ad65cafb88d831d64eeafcf53681bd9
SHA1

be8e077f6c6c1043c6fc756d923cef0526454f96
SHA256

e3a4240a3c3a0739560d095c821c33a3545f207b2de2c4cbffa8153ee5ad611b
SHA512

a88921c5d475004c800cd5d77b945256f5282075778ffb0b0faae26a28167c6df9f1f7915bddce7eb6011e4d0c55b0637d52f70bee8b0469e7bc1eb9e44f98fd
SSDEEP

24576:MszkbXq6L4q9ifFmFuY9Q5HPxWXOfuiVsCP:TgbXv4ptPY9HOfpVfP

Score

10^/10

darkcomet discovery persistence rat trojan

Malware Config

Targets

- Target
  
  2ad65cafb88d831d64eeafcf53681bd9_JaffaCakes118
- Size
  
  877KB
- MD5
  
  2ad65cafb88d831d64eeafcf53681bd9
- SHA1
  
  be8e077f6c6c1043c6fc756d923cef0526454f96
- SHA256
  
  e3a4240a3c3a0739560d095c821c33a3545f207b2de2c4cbffa8153ee5ad611b
- SHA512
  
  a88921c5d475004c800cd5d77b945256f5282075778ffb0b0faae26a28167c6df9f1f7915bddce7eb6011e4d0c55b0637d52f70bee8b0469e7bc1eb9e44f98fd
- SSDEEP
  
  24576:MszkbXq6L4q9ifFmFuY9Q5HPxWXOfuiVsCP:TgbXv4ptPY9HOfpVfP
Score

10^/10

darkcomet discovery persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometdiscoverypersistencerattrojan

behavioral2

darkcometdiscoverypersistencerattrojan