darkcomet | a7054916c930a731e93562e1ab235f2c47368822835caf4c783be41c0194ebd0 | Triage

Submit
Reports

Overview

overview

Static

static

a7054916c9...d0.exe

windows7-x64

a7054916c9...d0.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

a7054916c930a731e93562e1ab235f2c47368822835caf4c783be41c0194ebd0
Size

451KB
Sample

221123-3wcazsgf6s
MD5

5291b75212883d2592693fe4a62ffe30
SHA1

d9f42b033b697b7bee193e04bb560373baab5bc0
SHA256

a7054916c930a731e93562e1ab235f2c47368822835caf4c783be41c0194ebd0
SHA512

689bca57c91945e9b8d000aa84873926b13752f39f31730d078c78213a1d6c996a8a1bb72e37b53731b3beaa0abecc84539a3118fc7fdfa4e7e5136c7128cfe6
SSDEEP

12288:UTFKfKr4/AmWt+0NJ/Jj0FsUjRMOkfZ2DbVyCrh5Rn2l0+:oQft9u+0Nb0nlqZ2D5yCrhvnW0+

Score

10^/10

darkcomet slideshow persistence rat trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

a7054916c930a731e93562e1ab235f2c47368822835caf4c783be41c0194ebd0.exe

Resource

win7-20220812-en

darkcomet slideshow persistence rat trojan upx

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

a7054916c930a731e93562e1ab235f2c47368822835caf4c783be41c0194ebd0.exe

Resource

win10v2004-20221111-en

darkcomet slideshow persistence rat trojan upx

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

Slideshow

C2

tallow23.no-ip.biz:1604

Mutex

DC_MUTEX-77YAYL1

Attributes

InstallPath
MSDCSC\msdcsc.exe
gencode
FitBzNHEyTgL
install
true
offline_keylogger
true
persistence
true
reg_key
MicroUpdate

Targets

- Target
  
  a7054916c930a731e93562e1ab235f2c47368822835caf4c783be41c0194ebd0
- Size
  
  451KB
- MD5
  
  5291b75212883d2592693fe4a62ffe30
- SHA1
  
  d9f42b033b697b7bee193e04bb560373baab5bc0
- SHA256
  
  a7054916c930a731e93562e1ab235f2c47368822835caf4c783be41c0194ebd0
- SHA512
  
  689bca57c91945e9b8d000aa84873926b13752f39f31730d078c78213a1d6c996a8a1bb72e37b53731b3beaa0abecc84539a3118fc7fdfa4e7e5136c7128cfe6
- SSDEEP
  
  12288:UTFKfKr4/AmWt+0NJ/Jj0FsUjRMOkfZ2DbVyCrh5Rn2l0+:oQft9u+0Nb0nlqZ2D5yCrhvnW0+
Score

10^/10

darkcomet slideshow persistence rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometslideshowpersistencerattrojanupx

behavioral2

darkcometslideshowpersistencerattrojanupx

© 2018-2025

Terms | Privacy