darkcomet | 79a26eaa9e03ddeb586d29b1b95be48636ba2be37ebabe83f2c648b4dcf32b60 | Triage

Sharing

General

Target

445da1eb7c58d577c1091d878e05cae5_JaffaCakes118
Size

30KB
Sample

241014-1r3w2aycla
MD5

445da1eb7c58d577c1091d878e05cae5
SHA1

7de6269de478c1e883a342bf1eb85fa675429fbf
SHA256

79a26eaa9e03ddeb586d29b1b95be48636ba2be37ebabe83f2c648b4dcf32b60
SHA512

940b34ac04b36d94fe6bc84f840cd3eefdfa2b371299c43b64c05829377ae3104b6d53a8c2544ea259b767dc323e225e6ca35aca0f909a8ed4900878317608d2
SSDEEP

384:ph92Cfflq1lXindH1jF9m4AvwghmMCHFGmmT8TUm5oMO6pVSV:ph9pf+lXinhdF9mjvVn0TUmmAVo

Score

10^/10

darkcomet discovery persistence rat trojan

Malware Config

Targets

- Target
  
  445da1eb7c58d577c1091d878e05cae5_JaffaCakes118
- Size
  
  30KB
- MD5
  
  445da1eb7c58d577c1091d878e05cae5
- SHA1
  
  7de6269de478c1e883a342bf1eb85fa675429fbf
- SHA256
  
  79a26eaa9e03ddeb586d29b1b95be48636ba2be37ebabe83f2c648b4dcf32b60
- SHA512
  
  940b34ac04b36d94fe6bc84f840cd3eefdfa2b371299c43b64c05829377ae3104b6d53a8c2544ea259b767dc323e225e6ca35aca0f909a8ed4900878317608d2
- SSDEEP
  
  384:ph92Cfflq1lXindH1jF9m4AvwghmMCHFGmmT8TUm5oMO6pVSV:ph9pf+lXinhdF9mjvVn0TUmmAVo
Score

10^/10

darkcomet discovery persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometdiscoverypersistencerattrojan

behavioral2

darkcometdiscoverypersistencerattrojan