darkcomet | 2b16710a962c2676143e1f663626bbd2b8daab3f70718414ce6d2cd534379b7b | Triage

Submit
Reports

Overview

overview

Static

static

178db5992b...18.exe

windows7-x64

178db5992b...18.exe

windows10-2004-x64

Sharing

General

Target

178db5992b083838ffb393f855bb3038_JaffaCakes118
Size

659KB
Sample

240627-z3tl3atdnn
MD5

178db5992b083838ffb393f855bb3038
SHA1

113e849141da66115b181809169c4c590b5dcabb
SHA256

2b16710a962c2676143e1f663626bbd2b8daab3f70718414ce6d2cd534379b7b
SHA512

08e3e09cac0c6e9966f30119f6f94f95b4bd5f55d7e06e91b860e73e57e34648aa089af8168dce3eb1895e23604bf00adcad015a0fdf32994f7958e49afa1f5a
SSDEEP

12288:19AFlAd0Z+89cxTGzO4AucTD8QP2lmFSrVs9LqnKZ:zAQ6Zx9cxTmOrucTIEFSpOGU

Score

10^/10

darkcomet evasion persistence rat trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

178db5992b083838ffb393f855bb3038_JaffaCakes118.exe

Resource

win7-20240221-en

darkcomet evasion persistence rat trojan

windows7-x64

18 signatures

150 seconds

Behavioral task

behavioral2

Sample

178db5992b083838ffb393f855bb3038_JaffaCakes118.exe

Resource

win10v2004-20240508-en

darkcomet evasion persistence rat trojan

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Targets

- Target
  
  178db5992b083838ffb393f855bb3038_JaffaCakes118
- Size
  
  659KB
- MD5
  
  178db5992b083838ffb393f855bb3038
- SHA1
  
  113e849141da66115b181809169c4c590b5dcabb
- SHA256
  
  2b16710a962c2676143e1f663626bbd2b8daab3f70718414ce6d2cd534379b7b
- SHA512
  
  08e3e09cac0c6e9966f30119f6f94f95b4bd5f55d7e06e91b860e73e57e34648aa089af8168dce3eb1895e23604bf00adcad015a0fdf32994f7958e49afa1f5a
- SSDEEP
  
  12288:19AFlAd0Z+89cxTGzO4AucTD8QP2lmFSrVs9LqnKZ:zAQ6Zx9cxTmOrucTIEFSpOGU
Score

10^/10

darkcomet evasion persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Modifies firewall policy service
  evasion
- Modifies security service
  evasion
- Windows security bypass
  evasion trojan
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Drops file in Drivers directory
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Deletes itself
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Create or Modify System Process

Windows Service

Defense Evasion

Modify Registry

Impair Defenses

Disable or Modify Tools

Disable or Modify System Firewall

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

darkcometevasionpersistencerattrojan

behavioral2

darkcometevasionpersistencerattrojan

© 2018-2024

Terms | Privacy