darkcomet | 9be9f7f0d9a3b5ca8c70f238778a8c0fac2e6e062c44dfd7397331f515be9577 | Triage

Submit
Reports

Overview

overview

Static

static

5

9be9f7f0d9...77.exe

windows7-x64

9be9f7f0d9...77.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

9be9f7f0d9a3b5ca8c70f238778a8c0fac2e6e062c44dfd7397331f515be9577
Size

1.5MB
Sample

221127-nkcp2sgg4x
MD5

254c429729e485eb3599cb4b501212d8
SHA1

2e5909035b10f5f5a670a0c2609b5d74af9ff6f9
SHA256

9be9f7f0d9a3b5ca8c70f238778a8c0fac2e6e062c44dfd7397331f515be9577
SHA512

75581e17b49a108a684f3d270f235d3b43ba0ebf839864633097f7010c421bb9b2a084f9a844bf5781677668557dbad2dac9185a4a9270ea0edef49af6bf1a54
SSDEEP

24576:ttb20pkaCqT5TBWgNQ7a79y/if+9vwjDVuOsSzVqruTqi4YSP7FU6A:eVg5tQ7a7o/if+dwjjdVDTv4vPm5

Score

10^/10

darkcomet guest16_min persistence rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

9be9f7f0d9a3b5ca8c70f238778a8c0fac2e6e062c44dfd7397331f515be9577.exe

Resource

win7-20220812-en

darkcomet persistence rat trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

9be9f7f0d9a3b5ca8c70f238778a8c0fac2e6e062c44dfd7397331f515be9577.exe

Resource

win10v2004-20220812-en

darkcomet guest16_min persistence rat trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16_min

C2

nephgo.chickenkiller.com:1111

Mutex

DCMIN_MUTEX-TS6ZBWR

Attributes

gencode
nNcJ2WSWia20
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  9be9f7f0d9a3b5ca8c70f238778a8c0fac2e6e062c44dfd7397331f515be9577
- Size
  
  1.5MB
- MD5
  
  254c429729e485eb3599cb4b501212d8
- SHA1
  
  2e5909035b10f5f5a670a0c2609b5d74af9ff6f9
- SHA256
  
  9be9f7f0d9a3b5ca8c70f238778a8c0fac2e6e062c44dfd7397331f515be9577
- SHA512
  
  75581e17b49a108a684f3d270f235d3b43ba0ebf839864633097f7010c421bb9b2a084f9a844bf5781677668557dbad2dac9185a4a9270ea0edef49af6bf1a54
- SSDEEP
  
  24576:ttb20pkaCqT5TBWgNQ7a79y/if+9vwjDVuOsSzVqruTqi4YSP7FU6A:eVg5tQ7a7o/if+dwjjdVDTv4vPm5
Score

10^/10

darkcomet persistence rat trojan guest16_min
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometpersistencerattrojan

behavioral2

darkcometguest16_minpersistencerattrojan

© 2018-2025

Terms | Privacy