darkcomet | 514955742584b4b75e5c21274ed9b8f44baac47f1eac8939b35928ecff930710 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

3db2660d7c...17.exe

windows7-x64

3db2660d7c...17.exe

windows10-2004-x64

3

Sharing

General

Target

3db2660d7cffcb682ce00e0bde927517
Size

860KB
Sample

240101-yap8haagh9
MD5

3db2660d7cffcb682ce00e0bde927517
SHA1

91c05b98597758c8f37c84f0addb074457ebee34
SHA256

514955742584b4b75e5c21274ed9b8f44baac47f1eac8939b35928ecff930710
SHA512

850f0f33032f16a090e09249a0671756ab341493a9e220587b5cf9b9d1f697e187c0bea49dd7f2a4c53c6deda8618674b48da5ebe6e7c1b7addfced99b6490c0
SSDEEP

12288:720LBewQKm0Ih+F2k2dVEqoGO2p4W/pSbhrwzrW90ivPG1AnvBMhxKy3C5imMdM3:7xBeCLIE+PoGO26cEmy0ivOa5aC0mAw

Score

10^/10

darkcomet persistence rat trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

3db2660d7cffcb682ce00e0bde927517.exe

Resource

win7-20231129-en

darkcomet persistence rat trojan upx

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

3db2660d7cffcb682ce00e0bde927517.exe

Resource

win10v2004-20231215-en

windows10-2004-x64

3 signatures

150 seconds

Malware Config

Targets

- Target
  
  3db2660d7cffcb682ce00e0bde927517
- Size
  
  860KB
- MD5
  
  3db2660d7cffcb682ce00e0bde927517
- SHA1
  
  91c05b98597758c8f37c84f0addb074457ebee34
- SHA256
  
  514955742584b4b75e5c21274ed9b8f44baac47f1eac8939b35928ecff930710
- SHA512
  
  850f0f33032f16a090e09249a0671756ab341493a9e220587b5cf9b9d1f697e187c0bea49dd7f2a4c53c6deda8618674b48da5ebe6e7c1b7addfced99b6490c0
- SSDEEP
  
  12288:720LBewQKm0Ih+F2k2dVEqoGO2p4W/pSbhrwzrW90ivPG1AnvBMhxKy3C5imMdM3:7xBeCLIE+PoGO26cEmy0ivOa5aC0mAw
Score

10^/10

darkcomet persistence rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometpersistencerattrojanupx

behavioral2

© 2018-2025

Terms | Privacy