darkcomet | c25b863bb69d711b485b4b040281a766e3558fe79636862f86fc36ab7b194c8b | Triage

Sharing

General

Target

64a807e296d5d2cf86ad93d7279e6b1d_JaffaCakes118
Size

756KB
Sample

241020-3m5aeaxarh
MD5

64a807e296d5d2cf86ad93d7279e6b1d
SHA1

d0f8f5c82e64567ed5fbcfae16c5c9b1ad85c712
SHA256

c25b863bb69d711b485b4b040281a766e3558fe79636862f86fc36ab7b194c8b
SHA512

7869d9e157fadbed03b8aa8384941f78939753f2980e239ca23830646344f8e70b9ddb8666c576e16b6f8378481f4413f5ba47fcb0dae46b73c1c5da9f108137
SSDEEP

12288:K9AFlAd0Z+89cxTGzO4ADTD8iP2lmSSrVs9YqnI3Md0QZh9u:oAQ6Zx9cxTmOrDTI+SSpORI00QZh9u

Score

10^/10

darkcomet discovery evasion rat trojan

Malware Config

Targets

- Target
  
  64a807e296d5d2cf86ad93d7279e6b1d_JaffaCakes118
- Size
  
  756KB
- MD5
  
  64a807e296d5d2cf86ad93d7279e6b1d
- SHA1
  
  d0f8f5c82e64567ed5fbcfae16c5c9b1ad85c712
- SHA256
  
  c25b863bb69d711b485b4b040281a766e3558fe79636862f86fc36ab7b194c8b
- SHA512
  
  7869d9e157fadbed03b8aa8384941f78939753f2980e239ca23830646344f8e70b9ddb8666c576e16b6f8378481f4413f5ba47fcb0dae46b73c1c5da9f108137
- SSDEEP
  
  12288:K9AFlAd0Z+89cxTGzO4ADTD8iP2lmSSrVs9YqnI3Md0QZh9u:oAQ6Zx9cxTmOrDTI+SSpORI00QZh9u
Score

10^/10

darkcomet discovery evasion rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies firewall policy service
  evasion
- Modifies security service
  evasion
- Windows security bypass
  evasion trojan
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Windows security modification
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometdiscoveryevasionrattrojan

behavioral2

darkcometdiscoveryevasionrattrojan