darkcomet | 951397418f92de4eac59fd9ee658aa84a355d8664b515e5b739e0fcb9a8790e5 | Triage

Submit
Reports

Overview

overview

Static

static

951397418f...e5.exe

windows7-x64

951397418f...e5.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

951397418f92de4eac59fd9ee658aa84a355d8664b515e5b739e0fcb9a8790e5
Size

648KB
Sample

221201-lzmsfsbf3s
MD5

abd8f98710e4a0179af227737b436a00
SHA1

2ca93c9a48b398b36b95c30ae5f4d80fbf0d806b
SHA256

951397418f92de4eac59fd9ee658aa84a355d8664b515e5b739e0fcb9a8790e5
SHA512

e0a5fc969cd94d6da2b1fe26eb0951bd782696ac2d9f567d550a811653d972bfaa689b35ac7548fa1a1b6d0e919815f21a61ffa1d7f3dfdaf565ec5bd38e80f6
SSDEEP

12288:w6A84PaHhfD/tV9sj5NKR0pau9XGyu2qBVGLQyTPfh8:VAmBpVKHu0Mu9Xo20VGLVP58

Score

10^/10

darkcomet evasion rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

951397418f92de4eac59fd9ee658aa84a355d8664b515e5b739e0fcb9a8790e5.exe

Resource

win7-20221111-en

darkcomet evasion rat trojan

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

951397418f92de4eac59fd9ee658aa84a355d8664b515e5b739e0fcb9a8790e5.exe

Resource

win10v2004-20220812-en

darkcomet evasion rat trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  951397418f92de4eac59fd9ee658aa84a355d8664b515e5b739e0fcb9a8790e5
- Size
  
  648KB
- MD5
  
  abd8f98710e4a0179af227737b436a00
- SHA1
  
  2ca93c9a48b398b36b95c30ae5f4d80fbf0d806b
- SHA256
  
  951397418f92de4eac59fd9ee658aa84a355d8664b515e5b739e0fcb9a8790e5
- SHA512
  
  e0a5fc969cd94d6da2b1fe26eb0951bd782696ac2d9f567d550a811653d972bfaa689b35ac7548fa1a1b6d0e919815f21a61ffa1d7f3dfdaf565ec5bd38e80f6
- SSDEEP
  
  12288:w6A84PaHhfD/tV9sj5NKR0pau9XGyu2qBVGLQyTPfh8:VAmBpVKHu0Mu9Xo20VGLVP58
Score

10^/10

darkcomet evasion rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies firewall policy service
  evasion
- Modifies security service
  evasion
- Windows security bypass
  evasion trojan
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Windows security modification
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Modify Existing Service

Privilege Escalation

Defense Evasion

Disabling Security Tools

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometevasionrattrojan

behavioral2

darkcometevasionrattrojan

© 2018-2025

Terms | Privacy