darkcomet | 34f23b76b0746dbb69fdb33f3e3dfeb7a597d25f7823aefa11f0e9f3b3395c7a | Triage

Sharing

General

Target

JaffaCakes118_6a00638da8669e2cfe2764a3dce5cd5d
Size

740KB
Sample

250103-d7m47a1laj
MD5

6a00638da8669e2cfe2764a3dce5cd5d
SHA1

8d3e74878c5103410ddeee1b73c55c1b08d97223
SHA256

34f23b76b0746dbb69fdb33f3e3dfeb7a597d25f7823aefa11f0e9f3b3395c7a
SHA512

e500b4c8394369f98f47952b87b92754851a0d383fbee099fca2a8f2c553c346279c6587b8b8571caf4ad229dd211b9143ce360956867fe332a91b67355dd469
SSDEEP

12288:VaAchpWsuVtDnBsBDJIcynnC90levX4CuYf2D82T3s99+VHuNKwv:AAEE3uBDhynCylQgi63O9+VuNP

Score

10^/10

darkcomet discovery evasion persistence rat trojan

Malware Config

Targets

- Target
  
  JaffaCakes118_6a00638da8669e2cfe2764a3dce5cd5d
- Size
  
  740KB
- MD5
  
  6a00638da8669e2cfe2764a3dce5cd5d
- SHA1
  
  8d3e74878c5103410ddeee1b73c55c1b08d97223
- SHA256
  
  34f23b76b0746dbb69fdb33f3e3dfeb7a597d25f7823aefa11f0e9f3b3395c7a
- SHA512
  
  e500b4c8394369f98f47952b87b92754851a0d383fbee099fca2a8f2c553c346279c6587b8b8571caf4ad229dd211b9143ce360956867fe332a91b67355dd469
- SSDEEP
  
  12288:VaAchpWsuVtDnBsBDJIcynnC90levX4CuYf2D82T3s99+VHuNKwv:AAEE3uBDhynCylQgi63O9+VuNP
Score

10^/10

darkcomet discovery persistence rat trojan evasion
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Modifies WinLogon for persistence
  persistence
- Modifies firewall policy service
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometdiscoverypersistencerattrojan

behavioral2

darkcometdiscoveryevasionpersistencerattrojan