darkcomet | 2c5b634e18fdc4cc0c0daab895847ed18260744b89340d0b09161eb231b12a82 | Triage

Submit
Reports

Overview

overview

Static

static

7

2c5b634e18...82.exe

windows7-x64

2c5b634e18...82.exe

windows10-2004-x64

Sharing

General

Target

2c5b634e18fdc4cc0c0daab895847ed18260744b89340d0b09161eb231b12a82.exe
Size

592KB
Sample

240705-cr862szfnn
MD5

0e7fad254ed09b546251ef7649a06690
SHA1

fd92cb92811868b7a3b0f0b387c4ab2c5c25f079
SHA256

2c5b634e18fdc4cc0c0daab895847ed18260744b89340d0b09161eb231b12a82
SHA512

3be53b5dc013c5e95927db8eecf3eea9219da982c4bada49603050754ec0753d66d9b0aa66e92ee9ac9629837fadddb518f4b95cf3814b77e552d1764d46cf3f
SSDEEP

12288:wcWRJxhIUKofd9S88itJsL6s8GwUF81yn0FI/6IC0XoSM:TW/xhIUKofSytJsL6HUP0OHCp

Score

10^/10

darkcomet persistence rat trojan upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

2c5b634e18fdc4cc0c0daab895847ed18260744b89340d0b09161eb231b12a82.exe

Resource

win7-20240704-en

darkcomet persistence rat trojan upx

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

2c5b634e18fdc4cc0c0daab895847ed18260744b89340d0b09161eb231b12a82.exe

Resource

win10v2004-20240704-en

darkcomet persistence rat trojan upx

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  2c5b634e18fdc4cc0c0daab895847ed18260744b89340d0b09161eb231b12a82.exe
- Size
  
  592KB
- MD5
  
  0e7fad254ed09b546251ef7649a06690
- SHA1
  
  fd92cb92811868b7a3b0f0b387c4ab2c5c25f079
- SHA256
  
  2c5b634e18fdc4cc0c0daab895847ed18260744b89340d0b09161eb231b12a82
- SHA512
  
  3be53b5dc013c5e95927db8eecf3eea9219da982c4bada49603050754ec0753d66d9b0aa66e92ee9ac9629837fadddb518f4b95cf3814b77e552d1764d46cf3f
- SSDEEP
  
  12288:wcWRJxhIUKofd9S88itJsL6s8GwUF81yn0FI/6IC0XoSM:TW/xhIUKofSytJsL6HUP0OHCp
Score

10^/10

darkcomet persistence rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometpersistencerattrojanupx

behavioral2

darkcometpersistencerattrojanupx

© 2018-2025

Terms | Privacy