darkcomet | b205c548973c6e968d8f1fd79275dae34406c10ae1577c25193f2b5058248842 | Triage

Submit
Reports

Overview

overview

Static

static

b205c54897...42.exe

windows7-x64

b205c54897...42.exe

windows10-2004-x64

Sharing

General

Target

b205c548973c6e968d8f1fd79275dae34406c10ae1577c25193f2b5058248842
Size

3.3MB
Sample

221205-hcdz9adg24
MD5

4c8104511d3397cc60a289802fef826c
SHA1

beed9b44d8556122407c4e2c23300615d57a1a77
SHA256

b205c548973c6e968d8f1fd79275dae34406c10ae1577c25193f2b5058248842
SHA512

6292101dce13cc1eea4038a4aa10853eef3fa37783932f45c4fb2c6da191bc0de53550568e49407208abd8645fc4e5a4ea3c56b361822771823f6507c99aa219
SSDEEP

98304:3ZccpCPWe6/IL/zqLJIEsHtEgfylQ+e63gFPtmGppT:3ZccpCPK/EzqLJxoyYbP7

Score

10^/10

darkcomet persistence rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

b205c548973c6e968d8f1fd79275dae34406c10ae1577c25193f2b5058248842.exe

Resource

win7-20221111-en

darkcomet persistence rat trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

b205c548973c6e968d8f1fd79275dae34406c10ae1577c25193f2b5058248842.exe

Resource

win10v2004-20220901-en

darkcomet persistence rat trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  b205c548973c6e968d8f1fd79275dae34406c10ae1577c25193f2b5058248842
- Size
  
  3.3MB
- MD5
  
  4c8104511d3397cc60a289802fef826c
- SHA1
  
  beed9b44d8556122407c4e2c23300615d57a1a77
- SHA256
  
  b205c548973c6e968d8f1fd79275dae34406c10ae1577c25193f2b5058248842
- SHA512
  
  6292101dce13cc1eea4038a4aa10853eef3fa37783932f45c4fb2c6da191bc0de53550568e49407208abd8645fc4e5a4ea3c56b361822771823f6507c99aa219
- SSDEEP
  
  98304:3ZccpCPWe6/IL/zqLJIEsHtEgfylQ+e63gFPtmGppT:3ZccpCPK/EzqLJxoyYbP7
Score

10^/10

darkcomet persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometpersistencerattrojan

behavioral2

darkcometpersistencerattrojan

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.