darkcomet | 723db2214f73cb86dc2c3907d918edad0c6d4656dce410a869c09f6ef43148ed | Triage

Sharing

General

Target

c125a25d42db279a7983c430494f3998_JaffaCakes118
Size

440KB
Sample

241204-gnyclavld1
MD5

c125a25d42db279a7983c430494f3998
SHA1

05abdf89294e9f69bc90b88a9ee487db464dbab2
SHA256

723db2214f73cb86dc2c3907d918edad0c6d4656dce410a869c09f6ef43148ed
SHA512

43b7aa585f2ffd280bece054a888ab03112aa42334c522717c3432317c3f336615b7ba6750601df716e086f4aaa19be93b75c922b342ae256adbe958f40acaf2
SSDEEP

12288:voGHJnX3ekhSSWBMppVdS4dMcAz4zRRbhEK9Sd:voCXue0MppV5B7t730

Score

10^/10

darkcomet discovery rat trojan

Malware Config

Targets

- Target
  
  c125a25d42db279a7983c430494f3998_JaffaCakes118
- Size
  
  440KB
- MD5
  
  c125a25d42db279a7983c430494f3998
- SHA1
  
  05abdf89294e9f69bc90b88a9ee487db464dbab2
- SHA256
  
  723db2214f73cb86dc2c3907d918edad0c6d4656dce410a869c09f6ef43148ed
- SHA512
  
  43b7aa585f2ffd280bece054a888ab03112aa42334c522717c3432317c3f336615b7ba6750601df716e086f4aaa19be93b75c922b342ae256adbe958f40acaf2
- SSDEEP
  
  12288:voGHJnX3ekhSSWBMppVdS4dMcAz4zRRbhEK9Sd:voCXue0MppV5B7t730
Score

1^/10
behavioral1 behavioral2
- Target
  
  Adobe Acrobat 9 Pro ExtendedFullActivated.exe
- Size
  
  40KB
- MD5
  
  250d060a133b9c318561a1b6d3c694cf
- SHA1
  
  aee43024e6446208fe21ab516ad9e680234b6729
- SHA256
  
  2b10c0f3785ef16683677b9604f452e410669dfeb1de87cee1f467f18c2dc854
- SHA512
  
  ecff10efb888d9daa2c9dd4242e0d2a5e771d56f2b21bad77aaa803760bdd7624df16737508ccbfed6612d268705ef800a58d569728651e01e8bb12d08e5472b
- SSDEEP
  
  768:/FDYdHVd+2Fwi2sUxgBOIsvXWP/+8niVdSJ3S2q:/idHVSBaAIIS/+8niVdUq
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  Serials Finder.exe
- Size
  
  515KB
- MD5
  
  030ee8eb6e0a72bc28a1256e78eada5a
- SHA1
  
  92d251dfe6f5366ee13a68e08b8a44fb22560d01
- SHA256
  
  f9607638b474662f2830cebbbe41676b99ae9b0dd7a73607fa98899658f7536d
- SHA512
  
  dde10c7d8cd8aea45b88073fae10518c2bbd822b47607a1f409e5064c781208602200eae3516c340637b3792f643623aab5196b698c9d310704c823f174053d1
- SSDEEP
  
  12288:k2ZChoJNrfwxSSWVtpGVdF4+Dc1z4z9R0NTwO:uhWDqCtpGVDQqZO7
Score

10^/10

darkcomet discovery rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
behavioral5 behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

darkcometdiscoveryrattrojan

behavioral6

darkcometdiscoveryrattrojan