darkcomet

General

Target

505e0479271963403c89d94dc8d9297e_JaffaCakes118
Size

773KB
Sample

241017-c2me2axhne
MD5

505e0479271963403c89d94dc8d9297e
SHA1

0281b7e8b7bae68774a97569bcb3ba747d3c7f8e
SHA256

f44dad3c2f770d7ffd8234e857184d196d2251e28375c6f8e5bb499dd8fffe1b
SHA512

e0687467efd8924e665d4d63b478054b441cd40d2e206f9ecdd16d518bfd24d3c885e54554c856369704eac9c12ce2c08340b6fdbe2945db734a87f4c64abc2c
SSDEEP

12288:wYU38tWvCBtmerOuCvLmWzZsSeOqbEwFsxikVPdJV717Uji4NHv4UHolx7cjOnqH:vRrOuOmW9snobHVPdc/x4UIlgOnq8acg

Score

10^/10

Malware Config

Targets

- Target
  
  505e0479271963403c89d94dc8d9297e_JaffaCakes118
- Size
  
  773KB
- MD5
  
  505e0479271963403c89d94dc8d9297e
- SHA1
  
  0281b7e8b7bae68774a97569bcb3ba747d3c7f8e
- SHA256
  
  f44dad3c2f770d7ffd8234e857184d196d2251e28375c6f8e5bb499dd8fffe1b
- SHA512
  
  e0687467efd8924e665d4d63b478054b441cd40d2e206f9ecdd16d518bfd24d3c885e54554c856369704eac9c12ce2c08340b6fdbe2945db734a87f4c64abc2c
- SSDEEP
  
  12288:wYU38tWvCBtmerOuCvLmWzZsSeOqbEwFsxikVPdJV717Uji4NHv4UHolx7cjOnqH:vRrOuOmW9snobHVPdc/x4UIlgOnq8acg
Score

10^/10

darkcomet discovery evasion rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

4

T1012

System Information Discovery

5

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Disables RegEdit via registry modification

Disables Task Manager via registry modification

Checks BIOS information in registry

Checks computer location settings

Executes dropped EXE

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2