darkcomet | ff44f7e6e14d8360ea0b2483f86e153f224b53e47dd7434cecf5ea71621d6d36 | Triage

Sharing

General

Target

85e75f2074d35bd1e81b832f176a3e5a_JaffaCakes118
Size

756KB
Sample

241102-rqh1sswgkf
MD5

85e75f2074d35bd1e81b832f176a3e5a
SHA1

7efa74c89aab66d12f41068122ecbe8460372a34
SHA256

ff44f7e6e14d8360ea0b2483f86e153f224b53e47dd7434cecf5ea71621d6d36
SHA512

9a2ff42f85f5832b032d4b0ad5dc5f668efa99de027145f022ecf05bdc518d70a0c27ba4e1963650c3d1f20ef3e31b60f7b43a06fffaf030d645cbbc6e5302bc
SSDEEP

12288:T9AFlAd0Z+89cxTGzO4AucTD8QP2lmFSrVs9LqnKZqMd0QZh9u:RAQ6Zx9cxTmOrucTIEFSpOGED0QZh9u

Score

10^/10

darkcomet discovery evasion rat trojan

Malware Config

Targets

- Target
  
  85e75f2074d35bd1e81b832f176a3e5a_JaffaCakes118
- Size
  
  756KB
- MD5
  
  85e75f2074d35bd1e81b832f176a3e5a
- SHA1
  
  7efa74c89aab66d12f41068122ecbe8460372a34
- SHA256
  
  ff44f7e6e14d8360ea0b2483f86e153f224b53e47dd7434cecf5ea71621d6d36
- SHA512
  
  9a2ff42f85f5832b032d4b0ad5dc5f668efa99de027145f022ecf05bdc518d70a0c27ba4e1963650c3d1f20ef3e31b60f7b43a06fffaf030d645cbbc6e5302bc
- SSDEEP
  
  12288:T9AFlAd0Z+89cxTGzO4AucTD8QP2lmFSrVs9LqnKZqMd0QZh9u:RAQ6Zx9cxTmOrucTIEFSpOGED0QZh9u
Score

10^/10

darkcomet discovery evasion rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Modifies firewall policy service
  evasion
- Modifies security service
  evasion
- Windows security bypass
  evasion trojan
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Windows security modification
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometdiscoveryevasionrattrojan

behavioral2

darkcometdiscoveryevasionrattrojan