darkcomet | e770e0c3d4ceed1562df98de7eb4a72728be2e71d8935a55ebe531bffd57c552 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

e770e0c3d4...52.exe

windows7-x64

e770e0c3d4...52.exe

windows10-2004-x64

Sharing

General

Target

e770e0c3d4ceed1562df98de7eb4a72728be2e71d8935a55ebe531bffd57c552
Size

1.4MB
Sample

221204-dlkf6sbd54
MD5

e5aaaac2fcd910193e0e68491a549308
SHA1

41a38a84a97599310e5cdacf04b16da6aded7697
SHA256

e770e0c3d4ceed1562df98de7eb4a72728be2e71d8935a55ebe531bffd57c552
SHA512

cd39febbfed12dda594cd057c21c88f0a2834fed9c5efeac6b0066dd39a4111c1b10343c23bfa8bb317fbf9d22e700cbd3ebefc31ebb56dcbe12be02983b58f0
SSDEEP

24576:6iC8pRuPliuuYmjBgtojHLJR533s4GoBg80IaKqVrS7i0ZESx3Y:6YpUPliuuYYutoTLJR533SoBg8bqxSJG

Score

10^/10

darkcomet rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

e770e0c3d4ceed1562df98de7eb4a72728be2e71d8935a55ebe531bffd57c552.exe

Resource

win7-20220901-en

darkcomet rat trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

e770e0c3d4ceed1562df98de7eb4a72728be2e71d8935a55ebe531bffd57c552.exe

Resource

win10v2004-20220901-en

darkcomet rat trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  e770e0c3d4ceed1562df98de7eb4a72728be2e71d8935a55ebe531bffd57c552
- Size
  
  1.4MB
- MD5
  
  e5aaaac2fcd910193e0e68491a549308
- SHA1
  
  41a38a84a97599310e5cdacf04b16da6aded7697
- SHA256
  
  e770e0c3d4ceed1562df98de7eb4a72728be2e71d8935a55ebe531bffd57c552
- SHA512
  
  cd39febbfed12dda594cd057c21c88f0a2834fed9c5efeac6b0066dd39a4111c1b10343c23bfa8bb317fbf9d22e700cbd3ebefc31ebb56dcbe12be02983b58f0
- SSDEEP
  
  24576:6iC8pRuPliuuYmjBgtojHLJR533s4GoBg80IaKqVrS7i0ZESx3Y:6YpUPliuuYYutoTLJR533SoBg8bqxSJG
Score

10^/10

darkcomet rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Executes dropped EXE
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometrattrojan

behavioral2

darkcometrattrojan

© 2018-2025

Terms | Privacy