darkcomet | daac00188bb65fbd29e3b3b9d723ba883c8b2d0106ba86be05cd2934a13acf3f | Triage

Sharing

General

Target

a636880256c212ddea07f669247c5909_JaffaCakes118
Size

756KB
Sample

241127-geyl1axjdm
MD5

a636880256c212ddea07f669247c5909
SHA1

1db5430fea5603b49cc3a54d078d3cfde06584ed
SHA256

daac00188bb65fbd29e3b3b9d723ba883c8b2d0106ba86be05cd2934a13acf3f
SHA512

7499d41b5b8471c24f108573c49b832f55942bd01c21b1bcd87a6cb7fb1eead7f8332497c5019d7f8b27bc7fe74a335e74fb4f88a1a1066ac1918c48b952775b
SSDEEP

12288:T9AFlAd0Z+89cxTGzO4ADTD8iP2lmSSrVs9YqnI3Md0QZh9u:RAQ6Zx9cxTmOrDTI+SSpORI00QZh9u

Score

10^/10

darkcomet discovery evasion rat trojan

Malware Config

Targets

- Target
  
  a636880256c212ddea07f669247c5909_JaffaCakes118
- Size
  
  756KB
- MD5
  
  a636880256c212ddea07f669247c5909
- SHA1
  
  1db5430fea5603b49cc3a54d078d3cfde06584ed
- SHA256
  
  daac00188bb65fbd29e3b3b9d723ba883c8b2d0106ba86be05cd2934a13acf3f
- SHA512
  
  7499d41b5b8471c24f108573c49b832f55942bd01c21b1bcd87a6cb7fb1eead7f8332497c5019d7f8b27bc7fe74a335e74fb4f88a1a1066ac1918c48b952775b
- SSDEEP
  
  12288:T9AFlAd0Z+89cxTGzO4ADTD8iP2lmSSrVs9YqnI3Md0QZh9u:RAQ6Zx9cxTmOrDTI+SSpORI00QZh9u
Score

10^/10

darkcomet discovery evasion rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Modifies firewall policy service
  evasion
- Modifies security service
  evasion
- Windows security bypass
  evasion trojan
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Windows security modification
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometdiscoveryevasionrattrojan

behavioral2

darkcometdiscoveryevasionrattrojan