darkcomet | 05ae1acb02bf4400cc1d7d43e2fa68bea824477e72fe57fcc8585ccd1b3195f7 | Triage

Sharing

General

Target

53af6d3c3f06dde6c91589dcc572e60f_JaffaCakes118
Size

847KB
Sample

241017-zpw52awbpc
MD5

53af6d3c3f06dde6c91589dcc572e60f
SHA1

c9b586ae5ee2376e6eb650876a278b1abfe52c72
SHA256

05ae1acb02bf4400cc1d7d43e2fa68bea824477e72fe57fcc8585ccd1b3195f7
SHA512

547340dd763d7889e33270bce81755b22b68140cc3f0ca7ef0f9dacf7d215ea84396930c056165436b720f32e4f24e5f9944c9d4373fd51bf6ca7e96eec94b00
SSDEEP

12288:OyfM+A7Kc3IhE8JqrZ0X5Ail8twb6xIZR0Vb3gaddWvHAAEXJqbb2znspToTjrIh:GtKkIK0+U8nxXPd4fATZq3SnseTn0j

Score

10^/10

darkcomet discovery evasion rat trojan

Malware Config

Targets

- Target
  
  53af6d3c3f06dde6c91589dcc572e60f_JaffaCakes118
- Size
  
  847KB
- MD5
  
  53af6d3c3f06dde6c91589dcc572e60f
- SHA1
  
  c9b586ae5ee2376e6eb650876a278b1abfe52c72
- SHA256
  
  05ae1acb02bf4400cc1d7d43e2fa68bea824477e72fe57fcc8585ccd1b3195f7
- SHA512
  
  547340dd763d7889e33270bce81755b22b68140cc3f0ca7ef0f9dacf7d215ea84396930c056165436b720f32e4f24e5f9944c9d4373fd51bf6ca7e96eec94b00
- SSDEEP
  
  12288:OyfM+A7Kc3IhE8JqrZ0X5Ail8twb6xIZR0Vb3gaddWvHAAEXJqbb2znspToTjrIh:GtKkIK0+U8nxXPd4fATZq3SnseTn0j
Score

10^/10

darkcomet discovery evasion rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies firewall policy service
  evasion
- Modifies security service
  evasion
- Windows security bypass
  evasion trojan
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Windows security modification
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometdiscoveryevasionrattrojan

behavioral2