darkcomet | 5b91f5cb294f987aeeb2f60fbaf7a59b637ac9190b68d838de46dd56ee13c0ec | Triage

Submit
Reports

Overview

overview

Static

static

5b91f5cb29...ec.exe

windows7-x64

5b91f5cb29...ec.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

5b91f5cb294f987aeeb2f60fbaf7a59b637ac9190b68d838de46dd56ee13c0ec
Size

854KB
Sample

221020-lw1j5sgcfl
MD5

4c8396f8db1a485dc0b93651d8f7dbd0
SHA1

ed5b2b872399519287c2a33f54ecd31337116711
SHA256

5b91f5cb294f987aeeb2f60fbaf7a59b637ac9190b68d838de46dd56ee13c0ec
SHA512

3d690b7664d6bb5d9c0c5fe17a02cd7450d717065e11a67cf4e13ffc5e3a0fe2a9836db48dfe8562eb83731c002f5fdc7882c9f1d73484da04496db9ce4f7f99
SSDEEP

24576:OZ1xuVVjfFoynPaVBUR8f+kN10EBKACG9egjT+:uQDgok30B7ojT+

Score

10^/10

darkcomet guest16 evasion persistence rat trojan

Static task

static1

guest16 darkcomet

1 signatures

Behavioral task

behavioral1

Sample

5b91f5cb294f987aeeb2f60fbaf7a59b637ac9190b68d838de46dd56ee13c0ec.exe

Resource

win7-20220812-en

darkcomet guest16 evasion persistence rat trojan

windows7-x64

21 signatures

150 seconds

Behavioral task

behavioral2

Sample

5b91f5cb294f987aeeb2f60fbaf7a59b637ac9190b68d838de46dd56ee13c0ec.exe

Resource

win10v2004-20220812-en

darkcomet guest16 evasion persistence rat trojan

windows10-2004-x64

20 signatures

150 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

badzo.no-ip.org:80

Mutex

DC_MUTEX-82MKNGT

Attributes

InstallPath
system32\wuapp.exe
gencode
Gr6dTPRj3EsY
install
true
offline_keylogger
true
persistence
false
reg_key
Microsoft Windows Update

Targets

- Target
  
  5b91f5cb294f987aeeb2f60fbaf7a59b637ac9190b68d838de46dd56ee13c0ec
- Size
  
  854KB
- MD5
  
  4c8396f8db1a485dc0b93651d8f7dbd0
- SHA1
  
  ed5b2b872399519287c2a33f54ecd31337116711
- SHA256
  
  5b91f5cb294f987aeeb2f60fbaf7a59b637ac9190b68d838de46dd56ee13c0ec
- SHA512
  
  3d690b7664d6bb5d9c0c5fe17a02cd7450d717065e11a67cf4e13ffc5e3a0fe2a9836db48dfe8562eb83731c002f5fdc7882c9f1d73484da04496db9ce4f7f99
- SSDEEP
  
  24576:OZ1xuVVjfFoynPaVBUR8f+kN10EBKACG9egjT+:uQDgok30B7ojT+
Score

10^/10

darkcomet guest16 evasion persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Modifies firewall policy service
  evasion
- Modifies security service
  evasion
- Windows security bypass
  evasion trojan
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Executes dropped EXE
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Modify Existing Service

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Disabling Security Tools

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

guest16darkcomet

behavioral1

darkcometguest16evasionpersistencerattrojan

behavioral2

darkcometguest16evasionpersistencerattrojan

© 2018-2025

Terms | Privacy