darkcomet | a2e42261bdbe2e301195a6d11ec8df3b1f7a8567d5a8b7e31c2852b6655f2b02 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

a2e42261bd...02.exe

windows7-x64

a2e42261bd...02.exe

windows10-2004-x64

Sharing

General

Target

a2e42261bdbe2e301195a6d11ec8df3b1f7a8567d5a8b7e31c2852b6655f2b02
Size

820KB
Sample

221205-mezf7aae74
MD5

4408d904c304c3becc5b3f28b9fd2b62
SHA1

741db1ee6c9dd4daa862c531d4194b2745aa2789
SHA256

a2e42261bdbe2e301195a6d11ec8df3b1f7a8567d5a8b7e31c2852b6655f2b02
SHA512

ac8b1be8f655a8e9e1084c63b6677de0b21d515fb07d8e09e43f8f4135532561adf703e71348ff6375eb68697170c6044c7a59fb8227bb9b1dababba6db9fa32
SSDEEP

12288:xMrCcQ74kKTUtCkUAlnw8Do0WtJKQV5hcJzkOjsJ7KYk62c5iCCMDGBpU2Uq:684kbUAlnw8DoD2Q7LmT6LiCnGBpkq

Score

10^/10

darkcomet persistence rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

a2e42261bdbe2e301195a6d11ec8df3b1f7a8567d5a8b7e31c2852b6655f2b02.exe

Resource

win7-20221111-en

darkcomet persistence rat trojan

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

a2e42261bdbe2e301195a6d11ec8df3b1f7a8567d5a8b7e31c2852b6655f2b02.exe

Resource

win10v2004-20221111-en

darkcomet persistence rat trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  a2e42261bdbe2e301195a6d11ec8df3b1f7a8567d5a8b7e31c2852b6655f2b02
- Size
  
  820KB
- MD5
  
  4408d904c304c3becc5b3f28b9fd2b62
- SHA1
  
  741db1ee6c9dd4daa862c531d4194b2745aa2789
- SHA256
  
  a2e42261bdbe2e301195a6d11ec8df3b1f7a8567d5a8b7e31c2852b6655f2b02
- SHA512
  
  ac8b1be8f655a8e9e1084c63b6677de0b21d515fb07d8e09e43f8f4135532561adf703e71348ff6375eb68697170c6044c7a59fb8227bb9b1dababba6db9fa32
- SSDEEP
  
  12288:xMrCcQ74kKTUtCkUAlnw8Do0WtJKQV5hcJzkOjsJ7KYk62c5iCCMDGBpU2Uq:684kbUAlnw8DoD2Q7LmT6LiCnGBpkq
Score

10^/10

darkcomet persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometpersistencerattrojan

behavioral2

darkcometpersistencerattrojan

© 2018-2025

Terms | Privacy