DarkComet RAT: Technical Analysis of Attack Chain
Oct. 23, 2024, 7:49 p.m.
Description
This analysis examines the DarkComet Remote Access Trojan (RAT), covering its capabilities, distribution methods, and technical operation on a compromised host. Once running, the malware alters file attributes to hide its artifacts (T1564.001), establishes communication with attacker-controlled domains, adjusts its own process privileges, and collects system and location information (T1082, T1614), including data read from the registry (T1012). Persistence relies on registry modifications, chiefly Run keys and Winlogon helper entries (T1547.001, T1547.004), and further registry changes are used to manipulate system settings (T1112). Operator-driven features include simulating user input, capturing keystrokes, and changing system configuration. The analysis shows how these pieces combine into evasion, privilege escalation, and remote command execution directed from the Command and Control (C2) server. DarkComet's breadth of features and low barrier to use have kept it in widespread circulation in targeted intrusions, which is why it remains a relevant threat despite its age.
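The persistence and hiding behaviours above are the ones a defender can most readily hunt for in endpoint telemetry. The following Python triage routine is an added example written for this page, not code from the original analysis or from DarkComet itself. It classifies Sysmon-style events (EventID 13 registry value writes, EventID 1 process creations) against the ATT&CK techniques the report lists: Run-key persistence (T1547.001), Winlogon Userinit/Shell tampering (T1547.004), policy-key changes that disable Task Manager or the registry editor (T1112, one concrete form of the "manipulating system settings" the report describes), and `attrib +h +s` hiding of files (T1564.001). Every sample event, path, user SID and file name in the block is constructed for illustration; none is an indicator from the report.

```python
"""Triage Sysmon-style events for the DarkComet behaviours mapped to ATT&CK
in the report. Added example; all sample events below are constructed."""
import re
from dataclasses import dataclass


@dataclass
class Event:
    event_id: int           # Sysmon: 1 = process create, 13 = registry value set
    image: str              # process that wrote the value / was launched
    target: str = ""        # registry value path (EventID 13)
    details: str = ""       # new value data as Sysmon renders it (EventID 13)
    command_line: str = ""  # full command line (EventID 1)


# T1547.001: any value written directly under a Run / RunOnce key.
RUN_KEYS = re.compile(r"\\CurrentVersion\\Run(Once)?\\[^\\]+$", re.I)
# T1547.004: the two Winlogon values that launch code at logon.
WINLOGON = re.compile(r"\\Winlogon\\(Userinit|Shell)$", re.I)
# Stock Userinit data is only userinit.exe (optionally with trailing comma);
# DarkComet-style persistence appends a second path after the comma.
DEFAULT_USERINIT = re.compile(r"^C:\\Windows\\system32\\userinit\.exe,?$", re.I)
# T1112: policy values that lock the user out of Task Manager / regedit.
POLICY = re.compile(r"\\Policies\\System\\(DisableTaskMgr|DisableRegistryTools)$", re.I)
# T1564.001: attrib marking a file hidden and/or system.
ATTRIB_HIDE = re.compile(r"\battrib(?:\.exe)?\b.*?\+[hs]\b", re.I)


def is_dword_one(details: str) -> bool:
    """Sysmon renders DWORDs as 'DWORD (0x00000001)'; accept a bare '1' too."""
    d = details.strip()
    return d == "1" or re.fullmatch(r"DWORD \(0x0*1\)", d) is not None


def classify(ev: Event) -> list[str]:
    """Return the ATT&CK technique IDs this single event is evidence for."""
    hits: list[str] = []
    if ev.event_id == 13:
        if RUN_KEYS.search(ev.target):
            hits.append("T1547.001")
        m = WINLOGON.search(ev.target)
        if m:
            value_name = m.group(1).lower()
            data = ev.details.strip()
            if value_name == "userinit" and not DEFAULT_USERINIT.match(data):
                hits.append("T1547.004")
            elif value_name == "shell" and data.lower() != "explorer.exe":
                hits.append("T1547.004")
        if POLICY.search(ev.target) and is_dword_one(ev.details):
            hits.append("T1112")
    elif ev.event_id == 1 and ATTRIB_HIDE.search(ev.command_line):
        hits.append("T1564.001")
    return hits


def triage(events: list[Event]) -> dict[str, list[str]]:
    """Group evidence by technique: technique ID -> list of 'image -> target'."""
    findings: dict[str, list[str]] = {}
    for ev in events:
        where = ev.target if ev.event_id == 13 else ev.command_line
        for tech in classify(ev):
            findings.setdefault(tech, []).append(f"{ev.image} -> {where}")
    return findings


# Constructed sample events (hypothetical paths, SID and file names).
IMPLANT = r"C:\Users\alice\AppData\Roaming\svc32.exe"
HKU = r"HKU\S-1-5-21-1111-2222-3333-1001"
SAMPLE_EVENTS = [
    Event(13, IMPLANT, HKU + r"\Software\Microsoft\Windows\CurrentVersion\Run\Updater", IMPLANT),
    Event(13, IMPLANT, r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit",
          r"C:\Windows\system32\userinit.exe," + IMPLANT),
    Event(13, IMPLANT, HKU + r"\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr",
          "DWORD (0x00000001)"),
    Event(1, r"C:\Windows\System32\cmd.exe", command_line=f'cmd.exe /c attrib +h +s "{IMPLANT}"'),
    # Benign control: unmodified Userinit written by a legitimate setup process.
    Event(13, r"C:\Windows\System32\msiexec.exe",
          r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit",
          r"C:\Windows\system32\userinit.exe,"),
]

if __name__ == "__main__":
    for tech, evidence in sorted(triage(SAMPLE_EVENTS).items()):
        print(tech)
        for line in evidence:
            print("   ", line)
```

Run-key writes are common in benign software, so T1547.001 hits are hunting leads that need an allowlist of installer images; the Winlogon and policy checks are far rarer in legitimate activity and deserve a higher severity on their own.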
Date
Published: Oct. 23, 2024, 5:36 p.m.
Created: Oct. 23, 2024, 5:36 p.m.
Modified: Oct. 23, 2024, 7:49 p.m.
Indicators
SHA-256: 90d3dbe2c8ae46b970a865f597d091688e7c04c7886a1ec287e4b7a0f5e2fcf1
Attack Patterns
Aliases: FYNLOS, Krademok, Fynloski, DarkKomet
DarkComet - S0334 (MITRE ATT&CK software entry)
T1547 - Boot or Logon Autostart Execution
T1547.001 - Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder
T1547.004 - Boot or Logon Autostart Execution: Winlogon Helper DLL
T1564 - Hide Artifacts
T1564.001 - Hide Artifacts: Hidden Files and Directories
T1012 - Query Registry
T1082 - System Information Discovery
T1614 - System Location Discovery
T1102 - Web Service
T1112 - Modify Registry