darkcomet | b917d6ae160624d0a09bf2421302b8332d0564bc67fd7a23237f84387a3ed340 | Triage

Sharing

General

Target

e77026f0e5fc471b0e0100e0d29f230c_JaffaCakes118
Size

653KB
Sample

241212-vszm4ssrbj
MD5

e77026f0e5fc471b0e0100e0d29f230c
SHA1

27a4426cd34fd0a6e65162fd9cb37bc75e298948
SHA256

b917d6ae160624d0a09bf2421302b8332d0564bc67fd7a23237f84387a3ed340
SHA512

adef249dcb9798cb579e4ab18f202cff210dc2b4eab7753124c80a4bdce34fda1568ffdc97e09f01c0932a81c0ccbf445c591293a60fca461d0aa554d26e9c04
SSDEEP

12288:yvn+hFL24a5t5ZEijz8gOyBMYV74DpmmpehHrloM17PDQEpvGkeOB:y/AFqXt5ZEi/8gO1YVepmmp2RhDZGkt

Score

10^/10

darkcomet discovery rat trojan

Malware Config

Targets

- Target
  
  digit_by_helkin86-d377w81/DiGiT/DiGiT/Instructions.exe
- Size
  
  880KB
- MD5
  
  ba480da41b6ec6f00fc0d7caf9f11cb3
- SHA1
  
  f924f6baa35057ea88154faed0213c154eadcfa0
- SHA256
  
  47256456d9897ef71eb4a944fbde08aa388aabb85645b5b79ba6dc0c9a106124
- SHA512
  
  adfa3b2c264d1bcfa82e2d94187a073905cfe55aa08690a1d9e79d9a6a8bc7fe523e49d8bcbd43beec5ab62e26c558e57e7ff72e46d1aa5973fd77d5a39a0b9f
- SSDEEP
  
  24576:9+6LCb7OdjFbdRGe9PiuImyEaNCXhgtNz5WhCdSjD4kbQsbq7480/uSUsQ6F:9pnCe9qIeNCqfb4j1bT
Score

10^/10

darkcomet discovery rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  digit_by_helkin86-d377w81/Instructions.lnk
- Size
  
  1KB
- MD5
  
  cf844752e211b06e9e106083c541c895
- SHA1
  
  2f6840cb8be7b984c4a0e57b7b204a8adf1a8635
- SHA256
  
  a558a16dce2f35cd527a4d2829738f19da9be1d246d0d7482d824b4481f8ae7b
- SHA512
  
  722113986ac53bb5c162c9f4ef35785502f3123200b9c6141200f9f8a0ebb94eb9dfde17ed187b1d02147a07c969f3cbd7c9c5ff8fd16afe4832ddefc5f25ee4
Score

3^/10
behavioral3 behavioral4
- Target
  
  digit_by_helkin86-d377w81/MailMeter.dll
- Size
  
  114KB
- MD5
  
  b4705a4f4f77cd3a0d0024bb88173e3b
- SHA1
  
  5e4a851bf9f81ad787b446d5440b1061b0f02193
- SHA256
  
  85aab2c879b896c6e633bdbc9c3f3be2a937941036d9d1a866fd7169c540d61c
- SHA512
  
  673243ca1535da4581dd287329e09b2c50af8a6fa53705f24ce2614d915ed5c054a3beec7653a88bc5efb07267a3593583f7cdb7465b6bcd0f97657004be8579
- SSDEEP
  
  3072:R6xyTi7oZwTNWVt4HBZUkRC72iodFf7IRnWndxFkJ:R67kZ8RZpJ75
Score

3^/10

discovery
behavioral5 behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometdiscoveryrattrojan

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6