darkcomet | e183e9fadca4fb94ecca6406d94af72c20293eb3ede73ed1b9266403bef2e482 | Triage

Submit
Reports

Overview

overview

Static

static

e183e9fadc...82.exe

windows7-x64

e183e9fadc...82.exe

windows10-2004-x64

Sharing

General

Target

e183e9fadca4fb94ecca6406d94af72c20293eb3ede73ed1b9266403bef2e482
Size

916KB
Sample

221201-t7j1jabh6x
MD5

02a93c181aa787c5b4dd74ac314938f6
SHA1

03d9ce339c557636a74ceda3b9a30ceb36a119df
SHA256

e183e9fadca4fb94ecca6406d94af72c20293eb3ede73ed1b9266403bef2e482
SHA512

0aa5522749923910babf2125748ab1932c5528b9a61ec8182f396727b8a29f330f36683ee0ff3b2c87f9756dc4642d6eab9a43f2d9e0f672373f3dc2e6363f19
SSDEEP

12288:Coro7edR+tBKnB9aji1Wnbl5FA9JUDgGfL29X5XK5czlcYY9t:Coro7edwtwnBgjiGxbk3G1t

Score

10^/10

darkcomet guest16 evasion rat trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

e183e9fadca4fb94ecca6406d94af72c20293eb3ede73ed1b9266403bef2e482.exe

Resource

win7-20221111-en

darkcomet guest16 evasion rat trojan upx

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

e183e9fadca4fb94ecca6406d94af72c20293eb3ede73ed1b9266403bef2e482.exe

Resource

win10v2004-20221111-en

darkcomet guest16 evasion rat trojan upx

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

85.114.21.112:1604

Mutex

DC_MUTEX-GKQEPVA

Attributes

gencode
8jMC0K0T3d3j
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  e183e9fadca4fb94ecca6406d94af72c20293eb3ede73ed1b9266403bef2e482
- Size
  
  916KB
- MD5
  
  02a93c181aa787c5b4dd74ac314938f6
- SHA1
  
  03d9ce339c557636a74ceda3b9a30ceb36a119df
- SHA256
  
  e183e9fadca4fb94ecca6406d94af72c20293eb3ede73ed1b9266403bef2e482
- SHA512
  
  0aa5522749923910babf2125748ab1932c5528b9a61ec8182f396727b8a29f330f36683ee0ff3b2c87f9756dc4642d6eab9a43f2d9e0f672373f3dc2e6363f19
- SSDEEP
  
  12288:Coro7edR+tBKnB9aji1Wnbl5FA9JUDgGfL29X5XK5czlcYY9t:Coro7edwtwnBgjiGxbk3G1t
Score

10^/10

darkcomet guest16 evasion rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Executes dropped EXE
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometguest16evasionrattrojanupx

behavioral2

darkcometguest16evasionrattrojanupx

© 2018-2025

Terms | Privacy