darkcomet | e5c54e8c08be3b4e41d08b24ebcf8f99a37f587c11303dfd1a4672bb5eb3d4cc | Triage

Submit
Reports

Overview

overview

Static

static

heck.zip

windows10-2004-x64

Sharing

General

Target

heck.zip
Size

819KB
Sample

241202-154qgs1qak
MD5

dd652a718bced9e86425da269004c5c4
SHA1

d63f4d173ed9c6b2689f5a2db978f6e9fae11ebb
SHA256

e5c54e8c08be3b4e41d08b24ebcf8f99a37f587c11303dfd1a4672bb5eb3d4cc
SHA512

63da000f8065a5931d20dcb64b00f411188c6ddb09e7a708d88b240543f24fc169077b2500835496f57f56579ff71a94188c3f8c0d23e841c1b5609bc69d5355
SSDEEP

12288:dn+xqAHK8V0U/EYCa7P5W3RwMe4QGOmoZETqowpHuqZCFtnW1Xk3zsnNoRnXvC3H:1gbyU/EYnw32V4QFZETqo4lu0kCOqPx

Score

10^/10

darkcomet hacklenen discovery evasion persistence rat trojan upx

Static task

static1

upx hacklenen darkcomet

3 signatures

Behavioral task

behavioral1

Sample

heck.zip

Resource

win10v2004-20241007-en

darkcomet hacklenen discovery evasion persistence rat trojan upx

windows10-2004-x64

16 signatures

300 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

Hacklenen

C2

tr3.localto.net:7975

tr3.localto.net:2152

Mutex

DC_MUTEX-GJULDQS

Attributes

InstallPath
MSDCSC\msdcsc.exe
gencode
N2NDbd0wXxsm
install
true
offline_keylogger
true
persistence
true
reg_key
MicroUpdate

Extracted

Family

darkcomet

Attributes

gencode
install
false
offline_keylogger
false
persistence
false

Targets

- Target
  
  heck.zip
- Size
  
  819KB
- MD5
  
  dd652a718bced9e86425da269004c5c4
- SHA1
  
  d63f4d173ed9c6b2689f5a2db978f6e9fae11ebb
- SHA256
  
  e5c54e8c08be3b4e41d08b24ebcf8f99a37f587c11303dfd1a4672bb5eb3d4cc
- SHA512
  
  63da000f8065a5931d20dcb64b00f411188c6ddb09e7a708d88b240543f24fc169077b2500835496f57f56579ff71a94188c3f8c0d23e841c1b5609bc69d5355
- SSDEEP
  
  12288:dn+xqAHK8V0U/EYCa7P5W3RwMe4QGOmoZETqowpHuqZCFtnW1Xk3zsnNoRnXvC3H:1gbyU/EYnw32V4QFZETqo4lu0kCOqPx
Score

10^/10

darkcomet hacklenen discovery evasion persistence rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Modifies WinLogon for persistence
  persistence
- Modifies firewall policy service
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

upxhacklenendarkcomet

behavioral1

darkcomethacklenendiscoveryevasionpersistencerattrojanupx

© 2018-2025

Terms | Privacy