darkcomet | 9453b720fd014658a07748730b6376835e897d30a53b4be5297331a0e212e147 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

9453b720fd...47.exe

windows7-x64

9453b720fd...47.exe

windows10-2004-x64

Sharing

General

Target

9453b720fd014658a07748730b6376835e897d30a53b4be5297331a0e212e147
Size

999KB
Sample

221205-pcdstaha89
MD5

2e2db5e73ab5e187b4ed49f0382b8b91
SHA1

890531ff8a5c492a7624854dc8c124e6cf9d38ca
SHA256

9453b720fd014658a07748730b6376835e897d30a53b4be5297331a0e212e147
SHA512

3ba7f26bc8f5706012301fc14f79803c0e6987d2d81680fa959fda1dcbfa060a2fee2e61fd9729ba581f08d26c484eb521a69a185c674b7dcdf7c4c55102f3bb
SSDEEP

12288:M6+GEHHrs3wo5Y/FtqyNzN/0gAhqNOAk55L3KFNqxLenk:M6NEHHrs36FN/0gpNOAkAO0k

Score

10^/10

darkcomet persistence rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

9453b720fd014658a07748730b6376835e897d30a53b4be5297331a0e212e147.exe

Resource

win7-20220812-en

darkcomet persistence rat trojan

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

9453b720fd014658a07748730b6376835e897d30a53b4be5297331a0e212e147.exe

Resource

win10v2004-20220812-en

darkcomet persistence rat trojan

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  9453b720fd014658a07748730b6376835e897d30a53b4be5297331a0e212e147
- Size
  
  999KB
- MD5
  
  2e2db5e73ab5e187b4ed49f0382b8b91
- SHA1
  
  890531ff8a5c492a7624854dc8c124e6cf9d38ca
- SHA256
  
  9453b720fd014658a07748730b6376835e897d30a53b4be5297331a0e212e147
- SHA512
  
  3ba7f26bc8f5706012301fc14f79803c0e6987d2d81680fa959fda1dcbfa060a2fee2e61fd9729ba581f08d26c484eb521a69a185c674b7dcdf7c4c55102f3bb
- SSDEEP
  
  12288:M6+GEHHrs3wo5Y/FtqyNzN/0gAhqNOAk55L3KFNqxLenk:M6NEHHrs36FN/0gpNOAkAO0k
Score

10^/10

darkcomet persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometpersistencerattrojan

behavioral2

darkcometpersistencerattrojan

© 2018-2025

Terms | Privacy