darkcomet | dbd3ebf94196b14f6b8fe7218649e98951f5f373ab7c4352e43a50a5da2d0eb6 | Triage

Sharing

General

Target

56fb8c0f7ca3207d097d99851a7394b5_JaffaCakes118
Size

796KB
Sample

241018-mq4kaasdnf
MD5

56fb8c0f7ca3207d097d99851a7394b5
SHA1

a405fc816bca78f200e72cc931865075fb8a8c90
SHA256

dbd3ebf94196b14f6b8fe7218649e98951f5f373ab7c4352e43a50a5da2d0eb6
SHA512

b30a03ab2644476b8cd8cafb41acca60db86fd735ed751ed96b31ef6c46fefe010530634be67ae390c9e548ccd5f3f3847ec33f6f145bdac6bfaf3ee69957e76
SSDEEP

12288:u+/7zemUO1HK5OLXlewvefLvIm1O+nMd/08RnFcaSjsBcbPOa1lQ12mleKfezNo/:B/2uK5OiLvPORdvRua4mcbPjTQkKe1m

Score

10^/10

darkcomet discovery persistence rat trojan

Malware Config

Targets

- Target
  
  56fb8c0f7ca3207d097d99851a7394b5_JaffaCakes118
- Size
  
  796KB
- MD5
  
  56fb8c0f7ca3207d097d99851a7394b5
- SHA1
  
  a405fc816bca78f200e72cc931865075fb8a8c90
- SHA256
  
  dbd3ebf94196b14f6b8fe7218649e98951f5f373ab7c4352e43a50a5da2d0eb6
- SHA512
  
  b30a03ab2644476b8cd8cafb41acca60db86fd735ed751ed96b31ef6c46fefe010530634be67ae390c9e548ccd5f3f3847ec33f6f145bdac6bfaf3ee69957e76
- SSDEEP
  
  12288:u+/7zemUO1HK5OLXlewvefLvIm1O+nMd/08RnFcaSjsBcbPOa1lQ12mleKfezNo/:B/2uK5OiLvPORdvRua4mcbPjTQkKe1m
Score

10^/10

darkcomet discovery persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometdiscoverypersistencerattrojan

behavioral2

darkcometdiscoverypersistencerattrojan