darkcomet | b96697777782b12c83a6791e7ab2e4bddc8afaf784716b3b7dac84f710f521da | Triage

Submit
Reports

Overview

overview

Static

static

b966977777...da.exe

windows7-x64

b966977777...da.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

b96697777782b12c83a6791e7ab2e4bddc8afaf784716b3b7dac84f710f521da
Size

585KB
Sample

221125-3hjsxahg3v
MD5

733284fd88c1db268eb8d011b4ab155a
SHA1

7905d4a7cdcf06ba4fac0cda840d409e90e4325f
SHA256

b96697777782b12c83a6791e7ab2e4bddc8afaf784716b3b7dac84f710f521da
SHA512

4a4fbf796be223c1b3b7f6774cf2917f5787a3c73c3b32c7b12307f54bbcb89c8d3d4607d34d1b87e2df95839304fc92b28a169f5d8a33ca41cfc6896322e118
SSDEEP

12288:Si0+UP5VGcS2/cpcxLES/DFpCi1X3JKnNvwFBmz0QRcxA:zW5SnOufi/FBiD6S

Score

10^/10

darkcomet guest16 evasion rat trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

b96697777782b12c83a6791e7ab2e4bddc8afaf784716b3b7dac84f710f521da.exe

Resource

win7-20220901-en

darkcomet guest16 evasion rat trojan upx

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

b96697777782b12c83a6791e7ab2e4bddc8afaf784716b3b7dac84f710f521da.exe

Resource

win10v2004-20220812-en

darkcomet guest16 evasion rat trojan upx

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

homeserver83.no-ip.org:1604

Mutex

dwer7685bzbb5zb5

Attributes

gencode
tnTKlQcQtkbM
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  b96697777782b12c83a6791e7ab2e4bddc8afaf784716b3b7dac84f710f521da
- Size
  
  585KB
- MD5
  
  733284fd88c1db268eb8d011b4ab155a
- SHA1
  
  7905d4a7cdcf06ba4fac0cda840d409e90e4325f
- SHA256
  
  b96697777782b12c83a6791e7ab2e4bddc8afaf784716b3b7dac84f710f521da
- SHA512
  
  4a4fbf796be223c1b3b7f6774cf2917f5787a3c73c3b32c7b12307f54bbcb89c8d3d4607d34d1b87e2df95839304fc92b28a169f5d8a33ca41cfc6896322e118
- SSDEEP
  
  12288:Si0+UP5VGcS2/cpcxLES/DFpCi1X3JKnNvwFBmz0QRcxA:zW5SnOufi/FBiD6S
Score

10^/10

darkcomet guest16 evasion rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Executes dropped EXE
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Replication Through Removable Media

Execution

Persistence

Hidden Files and Directories

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometguest16evasionrattrojanupx

behavioral2

darkcometguest16evasionrattrojanupx

© 2018-2025

Terms | Privacy