darkcomet | 29435b65a13bdb90de14cb350d8b1738c228821ea42cd19f9b2fa6f735cec28b | Triage

Sharing

General

Target

d9ab6001ab538cf499d2617b8440e3ed_JaffaCakes118
Size

881KB
Sample

241209-pwybkasmar
MD5

d9ab6001ab538cf499d2617b8440e3ed
SHA1

f211dca5c14dfe1652f35ebbdb6e14eb52a4da7f
SHA256

29435b65a13bdb90de14cb350d8b1738c228821ea42cd19f9b2fa6f735cec28b
SHA512

d0343ea218acb60bff2ab6bb9d081056a5f03c9c54e746e34dcdd038d6c58bcf817cf69fb96fc4d15d0002589ff4b5161e7b35a723c9a132026a228ac311927f
SSDEEP

24576:5RQkTf4do2SmLV/pYiENV3a7dnE6/ZG5wCOPe:gkTgrVJpxENFa7NE80OCOPe

Score

10^/10

darkcomet discovery persistence rat trojan

Malware Config

Targets

- Target
  
  d9ab6001ab538cf499d2617b8440e3ed_JaffaCakes118
- Size
  
  881KB
- MD5
  
  d9ab6001ab538cf499d2617b8440e3ed
- SHA1
  
  f211dca5c14dfe1652f35ebbdb6e14eb52a4da7f
- SHA256
  
  29435b65a13bdb90de14cb350d8b1738c228821ea42cd19f9b2fa6f735cec28b
- SHA512
  
  d0343ea218acb60bff2ab6bb9d081056a5f03c9c54e746e34dcdd038d6c58bcf817cf69fb96fc4d15d0002589ff4b5161e7b35a723c9a132026a228ac311927f
- SSDEEP
  
  24576:5RQkTf4do2SmLV/pYiENV3a7dnE6/ZG5wCOPe:gkTgrVJpxENFa7NE80OCOPe
Score

10^/10

darkcomet discovery persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Remote System Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometdiscoverypersistencerattrojan

behavioral2

darkcometdiscoverypersistencerattrojan