DarkComet RAT: Technical Analysis of Attack Chain

Oct. 23, 2024, 7:49 p.m.

Description

This analysis examines the Remote Access Trojan (RAT) DarkComet, detailing its capabilities, distribution methods, and technical operation. The malware alters file attributes, establishes communication with malicious domains, modifies process privileges, and gathers system information. It employs several persistence mechanisms, including registry modifications. DarkComet's functionality includes simulating user input, capturing keystrokes, and manipulating system settings. The analysis shows its ability to evade detection, escalate privileges, and execute remote commands received from a Command and Control (C2) server. The malware's versatility and ease of use contribute to its widespread deployment in targeted attacks, making it a significant threat.

Date

Published: Oct. 23, 2024, 5:36 p.m.

Created: Oct. 23, 2024, 5:36 p.m.

Modified: Oct. 23, 2024, 7:49 p.m.

Indicators

90d3dbe2c8ae46b970a865f597d091688e7c04c7886a1ec287e4b7a0f5e2fcf1

Attack Patterns

FYNLOS

Krademok

Fynloski

DarkKomet

DarkComet - S0334

T1547.004

T1564.001

T1547.001

T1012

T1614

T1564

T1547

T1082

T1102

T1112