darkcomet

General

Target

JaffaCakes118_a5e0a7385a395af2f768f9060b67b512
Size

769KB
Sample

250206-b1l77symbx
MD5

a5e0a7385a395af2f768f9060b67b512
SHA1

e490b9d23a735bf8c90d3784f7e8bdff90942a08
SHA256

e15f201d7561a7425144dd03e690af50ab3d3c66a3a24b6005e5c04d825d1fad
SHA512

4ee2834f11ed751c1dd30bd26296d2ba7d861d59134890160a9a41616468f81a56ab914cc33e83062ecda28cf05b6e399a486ec12998d10ab85b28d03be1ec4a
SSDEEP

12288:wJW1t+7yEtrwv3QsET+m9Eq0iIWkZ4TgD7fpLl3buoY9Z/NwJWOzwPfhwXIDF+Bt:t1tqcv3QDT+eaWisW75R+bwJrw3hDDEt

Score

10^/10

Malware Config

Targets

- Target
  
  JaffaCakes118_a5e0a7385a395af2f768f9060b67b512
- Size
  
  769KB
- MD5
  
  a5e0a7385a395af2f768f9060b67b512
- SHA1
  
  e490b9d23a735bf8c90d3784f7e8bdff90942a08
- SHA256
  
  e15f201d7561a7425144dd03e690af50ab3d3c66a3a24b6005e5c04d825d1fad
- SHA512
  
  4ee2834f11ed751c1dd30bd26296d2ba7d861d59134890160a9a41616468f81a56ab914cc33e83062ecda28cf05b6e399a486ec12998d10ab85b28d03be1ec4a
- SSDEEP
  
  12288:wJW1t+7yEtrwv3QsET+m9Eq0iIWkZ4TgD7fpLl3buoY9Z/NwJWOzwPfhwXIDF+Bt:t1tqcv3QDT+eaWisW75R+bwJrw3hDDEt
Score

10^/10

darkcomet defense_evasion discovery persistence rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Modifies WinLogon for persistence
  persistence
- Modifies security service
  defense_evasion
- Windows security bypass
  defense_evasion trojan
- Disables Task Manager via registry modification
  defense_evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  defense_evasion trojan
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2