darkcomet | 01eeaec2582724bff9646c88fb477ea945f55915dfd0da9d619a404797820e5a | Triage

Sharing

General

Target

JaffaCakes118_0fe6a2ad84739f138c16c693028072c2
Size

1.9MB
Sample

250122-wj1pgsxrcx
MD5

0fe6a2ad84739f138c16c693028072c2
SHA1

50ffc480400d902ce23dbabe7559a057850938d7
SHA256

01eeaec2582724bff9646c88fb477ea945f55915dfd0da9d619a404797820e5a
SHA512

80f92cd708f32bb6aa7398dda7a2652433f95ffcb178fb0186dcdcdd97ba7dcc0a448b02e4a754b379d568bf562ca173fc7517958326ecbc6f5c548c2bf165f3
SSDEEP

24576:kV1HEA3zhTIzjvfn+Hg5z8OdXGkTIjF66310:kDGyB1

Score

10^/10

darkcomet discovery persistence rat trojan

Malware Config

Targets

- Target
  
  JaffaCakes118_0fe6a2ad84739f138c16c693028072c2
- Size
  
  1.9MB
- MD5
  
  0fe6a2ad84739f138c16c693028072c2
- SHA1
  
  50ffc480400d902ce23dbabe7559a057850938d7
- SHA256
  
  01eeaec2582724bff9646c88fb477ea945f55915dfd0da9d619a404797820e5a
- SHA512
  
  80f92cd708f32bb6aa7398dda7a2652433f95ffcb178fb0186dcdcdd97ba7dcc0a448b02e4a754b379d568bf562ca173fc7517958326ecbc6f5c548c2bf165f3
- SSDEEP
  
  24576:kV1HEA3zhTIzjvfn+Hg5z8OdXGkTIjF66310:kDGyB1
Score

10^/10

darkcomet discovery persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Modifies WinLogon for persistence
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometdiscoverypersistencerattrojan

behavioral2

darkcometdiscoverypersistencerattrojan