darkcomet | aa3df5a7ab7f2a616ea99c5d94ef451c9dbf4b3ecd0b65596a47eaabdcba7e2b | Triage

Sharing

General

Target

54effa8bd854d67f4fa94892ee26601a_JaffaCakes118
Size

1.1MB
Sample

241018-cq2qks1cnf
MD5

54effa8bd854d67f4fa94892ee26601a
SHA1

bafd531eac669520999c0160a5029b94ed69498a
SHA256

aa3df5a7ab7f2a616ea99c5d94ef451c9dbf4b3ecd0b65596a47eaabdcba7e2b
SHA512

7ea7cf4bb015af5205228e87afb1391d2260aebf879f41dd69bb6a35208e8b2f68cf207955fdac89c8504527839d6f245a526dfeb9c961715a722bdba1af82ed
SSDEEP

12288:R2eq/SnRNA7LvewpXgi4uzCYKfhV0MwGRpAipfpWUYGfqo9s/Yos7O2OVzYRokb:R2e47Xs9PbS/Yr+ouZ4zjskCp

Score

10^/10

darkcomet discovery evasion persistence rat trojan

Malware Config

Targets

- Target
  
  54effa8bd854d67f4fa94892ee26601a_JaffaCakes118
- Size
  
  1.1MB
- MD5
  
  54effa8bd854d67f4fa94892ee26601a
- SHA1
  
  bafd531eac669520999c0160a5029b94ed69498a
- SHA256
  
  aa3df5a7ab7f2a616ea99c5d94ef451c9dbf4b3ecd0b65596a47eaabdcba7e2b
- SHA512
  
  7ea7cf4bb015af5205228e87afb1391d2260aebf879f41dd69bb6a35208e8b2f68cf207955fdac89c8504527839d6f245a526dfeb9c961715a722bdba1af82ed
- SSDEEP
  
  12288:R2eq/SnRNA7LvewpXgi4uzCYKfhV0MwGRpAipfpWUYGfqo9s/Yos7O2OVzYRokb:R2e47Xs9PbS/Yr+ouZ4zjskCp
Score

10^/10

darkcomet discovery evasion persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Windows security bypass
  evasion trojan
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometdiscoveryevasionpersistencerattrojan

behavioral2

darkcometdiscoveryevasionpersistencerattrojan