darkcomet | b9b9f2edb60ab5c21008910b03de4afe5337d5291ff7a18afff372968831ee5e | Triage

Submit
Reports

Overview

overview

Static

static

b9b9f2edb6...5e.exe

windows7-x64

b9b9f2edb6...5e.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

b9b9f2edb60ab5c21008910b03de4afe5337d5291ff7a18afff372968831ee5e
Size

1.0MB
Sample

221128-eegblscf89
MD5

bb09720fe59805b07b4298fccae0ec26
SHA1

69753eb1361c1408073658ddc88182c43dadcd1b
SHA256

b9b9f2edb60ab5c21008910b03de4afe5337d5291ff7a18afff372968831ee5e
SHA512

d48595b54d2864d2cb1ca29d23a67135af708f51f89f3441f30778b824d39dbe22387b65d8275346a8c806667701803bf82853b00ad81167b71a6c949489a72c
SSDEEP

24576:2fna/BVJIRZ+9zlmSzFpIS+1AhQwhJ+BHJyco9M/eVAyG:2fudmKzlmSzFWS+1JiJ4pyNWUtG

Score

10^/10

darkcomet newspread rat trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

b9b9f2edb60ab5c21008910b03de4afe5337d5291ff7a18afff372968831ee5e.exe

Resource

win7-20220812-en

darkcomet newspread rat trojan upx

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

b9b9f2edb60ab5c21008910b03de4afe5337d5291ff7a18afff372968831ee5e.exe

Resource

win10v2004-20220812-en

darkcomet newspread rat trojan upx

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

NewSpread

C2

shqipe1.no-ip.info:1604

Mutex

DC_MUTEX-2F2DLGK

Attributes

gencode
H59pxRy6hhJ5
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  b9b9f2edb60ab5c21008910b03de4afe5337d5291ff7a18afff372968831ee5e
- Size
  
  1.0MB
- MD5
  
  bb09720fe59805b07b4298fccae0ec26
- SHA1
  
  69753eb1361c1408073658ddc88182c43dadcd1b
- SHA256
  
  b9b9f2edb60ab5c21008910b03de4afe5337d5291ff7a18afff372968831ee5e
- SHA512
  
  d48595b54d2864d2cb1ca29d23a67135af708f51f89f3441f30778b824d39dbe22387b65d8275346a8c806667701803bf82853b00ad81167b71a6c949489a72c
- SSDEEP
  
  24576:2fna/BVJIRZ+9zlmSzFpIS+1AhQwhJ+BHJyco9M/eVAyG:2fudmKzlmSzFWS+1JiJ4pyNWUtG
Score

10^/10

darkcomet newspread rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometnewspreadrattrojanupx

behavioral2

darkcometnewspreadrattrojanupx

© 2018-2025

Terms | Privacy