darkcomet | fc6f91773f25c82a791d065a632ea8d27928b08ea3034eac24b8e62b39d619f3 | Triage

Submit
Reports

Overview

overview

Static

static

5

fc6f91773f...f3.exe

windows7-x64

fc6f91773f...f3.exe

windows10-2004-x64

Sharing

General

Target

fc6f91773f25c82a791d065a632ea8d27928b08ea3034eac24b8e62b39d619f3
Size

1.5MB
Sample

221011-xja99saag8
MD5

7589a096aa62e18e4f551f8aac5f30ce
SHA1

eaced6976c02d9f33f4a4d783f16a9290b5a71e5
SHA256

fc6f91773f25c82a791d065a632ea8d27928b08ea3034eac24b8e62b39d619f3
SHA512

0558c6020395a0b376ca834357b26c2079f6eae0ac3270650c7f65078f4eb2fdc97d53962d634e304aa5136a005682a0d9a8cb2c9f19ef2c91310a86af98c30c
SSDEEP

24576:dRmJkcoQricOIQxiZY1iag0a4oAboSB70PwvKNFZTVMrZiD4iVheq86F9/xP:SJZoQrbTFZY1iagIzborkKN73DjV7Z

Score

10^/10

darkcomet guest16 evasion persistence rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

fc6f91773f25c82a791d065a632ea8d27928b08ea3034eac24b8e62b39d619f3.exe

Resource

win7-20220812-en

darkcomet guest16 evasion persistence rat trojan

windows7-x64

20 signatures

150 seconds

Behavioral task

behavioral2

Sample

fc6f91773f25c82a791d065a632ea8d27928b08ea3034eac24b8e62b39d619f3.exe

Resource

win10v2004-20220812-en

darkcomet guest16 evasion persistence rat trojan

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

minamobile1.zapto.org:1604

Mutex

DC_MUTEX-FVRPPG1

Attributes

InstallPath
MSDCSC\explorer.exe
gencode
2Ml2U2nN4HCu
install
true
offline_keylogger
true
persistence
true
reg_key
Microsoft Explorer Service

Targets

- Target
  
  fc6f91773f25c82a791d065a632ea8d27928b08ea3034eac24b8e62b39d619f3
- Size
  
  1.5MB
- MD5
  
  7589a096aa62e18e4f551f8aac5f30ce
- SHA1
  
  eaced6976c02d9f33f4a4d783f16a9290b5a71e5
- SHA256
  
  fc6f91773f25c82a791d065a632ea8d27928b08ea3034eac24b8e62b39d619f3
- SHA512
  
  0558c6020395a0b376ca834357b26c2079f6eae0ac3270650c7f65078f4eb2fdc97d53962d634e304aa5136a005682a0d9a8cb2c9f19ef2c91310a86af98c30c
- SSDEEP
  
  24576:dRmJkcoQricOIQxiZY1iag0a4oAboSB70PwvKNFZTVMrZiD4iVheq86F9/xP:SJZoQrbTFZY1iagIzborkKN73DjV7Z
Score

10^/10

darkcomet guest16 evasion persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometguest16evasionpersistencerattrojan

behavioral2

darkcometguest16evasionpersistencerattrojan

© 2018-2025

Terms | Privacy