darkcomet | e653486060b81df92f5cddfbffaca153a11546905f994358adc296640f20a299 | Triage

Sharing

General

Target

35e68d61778891cd281d1523402fe7d6_JaffaCakes118
Size

752KB
Sample

241011-vlaemsybmp
MD5

35e68d61778891cd281d1523402fe7d6
SHA1

19fb9eb4fd549534e9901750bd4f6b571920b74d
SHA256

e653486060b81df92f5cddfbffaca153a11546905f994358adc296640f20a299
SHA512

bbe1b97bdd52aed354da39eab95cae45c0e437cef8670cdf5f684000e3b4504e6bd2b9ff106af5db811e34e04d1250d1d3eac80898d91318b2f5ba9c563ed31c
SSDEEP

12288:HZdIyY5WGJw5NDQsNZMniH8kVwAm71MqOgsi/fDv6wuMVwsv+X4SUhO7Sevrfe+1:3IyYQTfvY5tAy1MqSOPu4v+ISUhO77

Score

10^/10

darkcomet discovery persistence rat trojan

Malware Config

Targets

- Target
  
  35e68d61778891cd281d1523402fe7d6_JaffaCakes118
- Size
  
  752KB
- MD5
  
  35e68d61778891cd281d1523402fe7d6
- SHA1
  
  19fb9eb4fd549534e9901750bd4f6b571920b74d
- SHA256
  
  e653486060b81df92f5cddfbffaca153a11546905f994358adc296640f20a299
- SHA512
  
  bbe1b97bdd52aed354da39eab95cae45c0e437cef8670cdf5f684000e3b4504e6bd2b9ff106af5db811e34e04d1250d1d3eac80898d91318b2f5ba9c563ed31c
- SSDEEP
  
  12288:HZdIyY5WGJw5NDQsNZMniH8kVwAm71MqOgsi/fDv6wuMVwsv+X4SUhO7Sevrfe+1:3IyYQTfvY5tAy1MqSOPu4v+ISUhO77
Score

10^/10

darkcomet discovery persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometdiscoverypersistencerattrojan

behavioral2

darkcometdiscoverypersistencerattrojan