darkcomet | 52ac4712c864d3ddcb918207ac1cf0cb475fec9681126c81d6b6c43987adaa7c | Triage

Sharing

General

Target

JaffaCakes118_4064b2d68568ddd4da281111d2a091c2
Size

292KB
Sample

250302-p9xbesvwfz
MD5

4064b2d68568ddd4da281111d2a091c2
SHA1

289b2c65977534d2ac9e890cf17e09a82b0af62d
SHA256

52ac4712c864d3ddcb918207ac1cf0cb475fec9681126c81d6b6c43987adaa7c
SHA512

be12602ca45dd1744902a6d180ae0acad390b882fa34d9d013a7b4fb76da53cbabb04a48308b422304aad46a4717239ba6ef8cece0fc3c093b59daf673613103
SSDEEP

6144:JZV2WFGHGY3uJw7xPIGiVxLSSs+9DlMMjhPtvTVC:JZ433uJw79tiVxu6MU5G

Score

10^/10

darkcomet discovery rat trojan

Malware Config

Extracted

Family

darkcomet

Attributes

gencode
install
false
offline_keylogger
false
persistence
false

rc4.plain

Targets

- Target
  
  JaffaCakes118_4064b2d68568ddd4da281111d2a091c2
- Size
  
  292KB
- MD5
  
  4064b2d68568ddd4da281111d2a091c2
- SHA1
  
  289b2c65977534d2ac9e890cf17e09a82b0af62d
- SHA256
  
  52ac4712c864d3ddcb918207ac1cf0cb475fec9681126c81d6b6c43987adaa7c
- SHA512
  
  be12602ca45dd1744902a6d180ae0acad390b882fa34d9d013a7b4fb76da53cbabb04a48308b422304aad46a4717239ba6ef8cece0fc3c093b59daf673613103
- SSDEEP
  
  6144:JZV2WFGHGY3uJw7xPIGiVxLSSs+9DlMMjhPtvTVC:JZ433uJw79tiVxu6MU5G
Score

10^/10

darkcomet discovery rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometdiscoveryrattrojan

behavioral2

darkcometdiscoveryrattrojan