darkcomet | bb1bc835811d37d39eb890bb6c603fdb296335f9c99e239d4b952ba9f0457d4c | Triage

Sharing

General

Target

44d3740262ffe3b8f44dbf600564714f_JaffaCakes118
Size

4.2MB
Sample

241015-aa4twstakc
MD5

44d3740262ffe3b8f44dbf600564714f
SHA1

8fe00ce34c39c416f0670e78db00d581fac81570
SHA256

bb1bc835811d37d39eb890bb6c603fdb296335f9c99e239d4b952ba9f0457d4c
SHA512

4721387a976b63f635d6856b927aff93e2765358d8ec82110adf4e89304602244c992585ca69673f720f24d20ed412f727e5cf95fb21994eaf5a1d42d0dd5986
SSDEEP

49152:nZIINgOSs/k9XwISBmD6myvdraiBYTTTTTT8TTTTTTHcCCRRmdOAT:

Score

10^/10

darkcomet discovery rat trojan

Malware Config

Targets

- Target
  
  44d3740262ffe3b8f44dbf600564714f_JaffaCakes118
- Size
  
  4.2MB
- MD5
  
  44d3740262ffe3b8f44dbf600564714f
- SHA1
  
  8fe00ce34c39c416f0670e78db00d581fac81570
- SHA256
  
  bb1bc835811d37d39eb890bb6c603fdb296335f9c99e239d4b952ba9f0457d4c
- SHA512
  
  4721387a976b63f635d6856b927aff93e2765358d8ec82110adf4e89304602244c992585ca69673f720f24d20ed412f727e5cf95fb21994eaf5a1d42d0dd5986
- SSDEEP
  
  49152:nZIINgOSs/k9XwISBmD6myvdraiBYTTTTTT8TTTTTTHcCCRRmdOAT:
Score

10^/10

darkcomet discovery rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometdiscoveryrattrojan

behavioral2

darkcometdiscoveryrattrojan