darkcomet | 59235141af41313f250d39a900b34389e30acba1bca01465859e0bd7dc5daf23 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

59235141af...23.exe

windows7-x64

59235141af...23.exe

windows10-2004-x64

Sharing

General

Target

59235141af41313f250d39a900b34389e30acba1bca01465859e0bd7dc5daf23
Size

659KB
Sample

221126-chrkmsdg26
MD5

4e91146d12250f89a4392770d4e89313
SHA1

b24be6a2eccfb8c6f7955cd5f6929d44ebcdd13e
SHA256

59235141af41313f250d39a900b34389e30acba1bca01465859e0bd7dc5daf23
SHA512

feb1d1055e14c702c61c41bdcee1c76dcef637abe242a46b56b1547f8a5e2a34225f2562379c785ed040c032d3891e5a003271020d958ed1215b7d00786d1d50
SSDEEP

12288:G9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hw:iZ1xuVVjfFoynPaVBUR8f+kN10EBm

Score

10^/10

darkcomet lena evasion persistence rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

59235141af41313f250d39a900b34389e30acba1bca01465859e0bd7dc5daf23.exe

Resource

win7-20220901-en

darkcomet lena evasion persistence rat trojan

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

59235141af41313f250d39a900b34389e30acba1bca01465859e0bd7dc5daf23.exe

Resource

win10v2004-20220901-en

darkcomet lena evasion persistence rat trojan

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

Lena

C2

94.180.46.70:1604

Mutex

DC_MUTEX-UA0ZG0W

Attributes

InstallPath
windlogon.exe
gencode
wZvu2vV0X3gE
install
true
offline_keylogger
true
persistence
false
reg_key
windlogon

Targets

- Target
  
  59235141af41313f250d39a900b34389e30acba1bca01465859e0bd7dc5daf23
- Size
  
  659KB
- MD5
  
  4e91146d12250f89a4392770d4e89313
- SHA1
  
  b24be6a2eccfb8c6f7955cd5f6929d44ebcdd13e
- SHA256
  
  59235141af41313f250d39a900b34389e30acba1bca01465859e0bd7dc5daf23
- SHA512
  
  feb1d1055e14c702c61c41bdcee1c76dcef637abe242a46b56b1547f8a5e2a34225f2562379c785ed040c032d3891e5a003271020d958ed1215b7d00786d1d50
- SSDEEP
  
  12288:G9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hw:iZ1xuVVjfFoynPaVBUR8f+kN10EBm
Score

10^/10

darkcomet lena evasion persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Modifies firewall policy service
  evasion
- Modifies security service
  evasion
- Windows security bypass
  evasion trojan
- Disables RegEdit via registry modification
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometlenaevasionpersistencerattrojan

behavioral2

darkcometlenaevasionpersistencerattrojan

© 2018-2025

Terms | Privacy