darkcomet | 9c0976f4ddd64f3dfd4ef45e639e7878407d09de0f449688c445d86788afdc2b | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

d73deeb57e...18.exe

windows7-x64

d73deeb57e...18.exe

windows10-2004-x64

Sharing

General

Target

d73deeb57ea83ac6bf26c82e410e6206_JaffaCakes118
Size

351KB
Sample

240909-23h7favejj
MD5

d73deeb57ea83ac6bf26c82e410e6206
SHA1

bbb303783e535b78f57e70150a5d3567fb4b754e
SHA256

9c0976f4ddd64f3dfd4ef45e639e7878407d09de0f449688c445d86788afdc2b
SHA512

15e74a47dae317301fed4ca068ba97a5b3f1d11cc91cbf9e6665048552c980fbe7e8c6cd8b1c96fb090e4e675dbc34281ef052d653a181de61ef4d9ff0ee0d4f
SSDEEP

6144:gD7cY2fgssM7Wirg9KXylmRiL+QMeC/i6isqX7UovnONztByipwxZrm:gl8E4w5huat7UovONzbXwf

Score

10^/10

darkcomet hozkinzpoop discovery persistence rat trojan upx

Static task

static1

upx hozkinzpoop darkcomet

3 signatures

Behavioral task

behavioral1

Sample

d73deeb57ea83ac6bf26c82e410e6206_JaffaCakes118.exe

Resource

win7-20240729-en

darkcomet hozkinzpoop discovery persistence rat trojan upx

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

d73deeb57ea83ac6bf26c82e410e6206_JaffaCakes118.exe

Resource

win10v2004-20240802-en

darkcomet hozkinzpoop discovery persistence rat trojan upx

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

HoZKiNZPooP

C2

herro4chan.zapto.org:2894

192.162.102.160:2894

Mutex

DC_MUTEX-7GYE6G4

Attributes

InstallPath
MSDCSC\msdcsc.exe
gencode
9xTUTcl355dw
install
true
offline_keylogger
true
persistence
true
reg_key
MicroUpdate

Targets

- Target
  
  d73deeb57ea83ac6bf26c82e410e6206_JaffaCakes118
- Size
  
  351KB
- MD5
  
  d73deeb57ea83ac6bf26c82e410e6206
- SHA1
  
  bbb303783e535b78f57e70150a5d3567fb4b754e
- SHA256
  
  9c0976f4ddd64f3dfd4ef45e639e7878407d09de0f449688c445d86788afdc2b
- SHA512
  
  15e74a47dae317301fed4ca068ba97a5b3f1d11cc91cbf9e6665048552c980fbe7e8c6cd8b1c96fb090e4e675dbc34281ef052d653a181de61ef4d9ff0ee0d4f
- SSDEEP
  
  6144:gD7cY2fgssM7Wirg9KXylmRiL+QMeC/i6isqX7UovnONztByipwxZrm:gl8E4w5huat7UovONzbXwf
Score

10^/10

darkcomet hozkinzpoop discovery persistence rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

upxhozkinzpoopdarkcomet

behavioral1

darkcomethozkinzpoopdiscoverypersistencerattrojanupx

behavioral2

darkcomethozkinzpoopdiscoverypersistencerattrojanupx

© 2018-2025

Terms | Privacy