darkcomet | 719253b88929a883198b965845b69e65be84eb49e38ee22653009401c1c38b0f | Triage

Sharing

General

Target

5bdb7088dffc5f31fc0395a3a730c4ef_JaffaCakes118
Size

1024KB
Sample

241019-kyqmaazckl
MD5

5bdb7088dffc5f31fc0395a3a730c4ef
SHA1

a6ca72fecc60b17600de13b7b313702e1baf13df
SHA256

719253b88929a883198b965845b69e65be84eb49e38ee22653009401c1c38b0f
SHA512

d2076d6879272906657f86df4a2a4b18bfada1ad30af17f1fef5017a762858a99c2f6f0a60cca0cbbcb163c98a47c533ca3d0e16c937470dba412687849dafa9
SSDEEP

24576:refhGKsjKXJxsyhu/m+Z6N5om+t/70nKi8ssss+W6Zr:djP36F+Z0nf

Score

10^/10

darkcomet discovery evasion rat trojan

Malware Config

Targets

- Target
  
  5bdb7088dffc5f31fc0395a3a730c4ef_JaffaCakes118
- Size
  
  1024KB
- MD5
  
  5bdb7088dffc5f31fc0395a3a730c4ef
- SHA1
  
  a6ca72fecc60b17600de13b7b313702e1baf13df
- SHA256
  
  719253b88929a883198b965845b69e65be84eb49e38ee22653009401c1c38b0f
- SHA512
  
  d2076d6879272906657f86df4a2a4b18bfada1ad30af17f1fef5017a762858a99c2f6f0a60cca0cbbcb163c98a47c533ca3d0e16c937470dba412687849dafa9
- SSDEEP
  
  24576:refhGKsjKXJxsyhu/m+Z6N5om+t/70nKi8ssss+W6Zr:djP36F+Z0nf
Score

10^/10

darkcomet discovery evasion rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies firewall policy service
  evasion
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometdiscoveryevasionrattrojan

behavioral2

darkcometdiscoveryevasionrattrojan