darkcomet | dcdb6199ff4eadc06388a23facc08ae86268b76740bebbdac6189dac4d88d053 | Triage

Sharing

General

Target

97a28d1db426330fe5cc63fd0cc8899c_JaffaCakes118
Size

753KB
Sample

241124-2pstqazldp
MD5

97a28d1db426330fe5cc63fd0cc8899c
SHA1

81ac8739ae6597e28e77b2409584ac6d5faf121a
SHA256

dcdb6199ff4eadc06388a23facc08ae86268b76740bebbdac6189dac4d88d053
SHA512

c194586f9722a4696074fa409154462bc08556905bed0b338eed2b01c3acc43e024bc166905d33d92f629036b6421bff88aa3cf7ceaf41a419a58c4b09731d2c
SSDEEP

12288:bQ0dz71sFAFZpuAHRamLqlgyGr5PLIG4qD2v30hT7whhT5Jg:bn7eFAHVPGCr5PLIGJiv0hT87TTg

Score

10^/10

darkcomet discovery persistence rat trojan

Malware Config

Targets

- Target
  
  97a28d1db426330fe5cc63fd0cc8899c_JaffaCakes118
- Size
  
  753KB
- MD5
  
  97a28d1db426330fe5cc63fd0cc8899c
- SHA1
  
  81ac8739ae6597e28e77b2409584ac6d5faf121a
- SHA256
  
  dcdb6199ff4eadc06388a23facc08ae86268b76740bebbdac6189dac4d88d053
- SHA512
  
  c194586f9722a4696074fa409154462bc08556905bed0b338eed2b01c3acc43e024bc166905d33d92f629036b6421bff88aa3cf7ceaf41a419a58c4b09731d2c
- SSDEEP
  
  12288:bQ0dz71sFAFZpuAHRamLqlgyGr5PLIG4qD2v30hT7whhT5Jg:bn7eFAHVPGCr5PLIGJiv0hT87TTg
Score

10^/10

darkcomet discovery persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Modifies WinLogon for persistence
  persistence
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometdiscoverypersistencerattrojan

behavioral2