darkcomet | e9d9364b867d5ed9cdd6c9521752906a33c9ac341ccb42d2134ff00649aed35b | Triage

Sharing

General

Target

JaffaCakes118_065aad84d32fc2e73a58b3d90a767128
Size

753KB
Sample

250121-wbwesswkcn
MD5

065aad84d32fc2e73a58b3d90a767128
SHA1

53253ac88b75924f4a2ff9475d9baeeef112b61b
SHA256

e9d9364b867d5ed9cdd6c9521752906a33c9ac341ccb42d2134ff00649aed35b
SHA512

63e403956aa9b81ab671d3d102f56c89d51eed2fcb1178c7ade1e4846cbff021e5b60cf060cb5988118247e45cfe3c7942cf06e607208820ad1646be577c8585
SSDEEP

12288:bQ0dzdHdepiIRPeJxFL4aEbYDHYw0QdEqDwJ4u5uuxtQjyVechAkm:bn/ekIRcjLJCSwJfuGt4secFm

Score

10^/10

darkcomet discovery persistence rat trojan

Malware Config

Targets

- Target
  
  JaffaCakes118_065aad84d32fc2e73a58b3d90a767128
- Size
  
  753KB
- MD5
  
  065aad84d32fc2e73a58b3d90a767128
- SHA1
  
  53253ac88b75924f4a2ff9475d9baeeef112b61b
- SHA256
  
  e9d9364b867d5ed9cdd6c9521752906a33c9ac341ccb42d2134ff00649aed35b
- SHA512
  
  63e403956aa9b81ab671d3d102f56c89d51eed2fcb1178c7ade1e4846cbff021e5b60cf060cb5988118247e45cfe3c7942cf06e607208820ad1646be577c8585
- SSDEEP
  
  12288:bQ0dzdHdepiIRPeJxFL4aEbYDHYw0QdEqDwJ4u5uuxtQjyVechAkm:bn/ekIRcjLJCSwJfuGt4secFm
Score

10^/10

darkcomet discovery persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Modifies WinLogon for persistence
  persistence
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometdiscoverypersistencerattrojan

behavioral2