darkcomet | 6a8f1e064f0b2da3fa45022c5ed1408256c8f12c9631442eb5930277916485f5 | Triage

Submit
Reports

Overview

overview

Static

static

6a8f1e064f...f5.exe

windows7-x64

6a8f1e064f...f5.exe

windows10-2004-x64

Sharing

General

Target

6a8f1e064f0b2da3fa45022c5ed1408256c8f12c9631442eb5930277916485f5.exe
Size

283KB
Sample

250108-yr75mstmdm
MD5

bff9a9f371171e16afab59da8dfdc680
SHA1

4c5c35c997754b5d99907b4c4c1c45d08b37cc0f
SHA256

6a8f1e064f0b2da3fa45022c5ed1408256c8f12c9631442eb5930277916485f5
SHA512

e979fb4525aca5d8314bbc2c9e6241859771ac425606921260d2cd8d6e9aacb6c5d9a8105c3b260d9d4a7f7c88936077dd6375f69d5050331d679a3031b1ee64
SSDEEP

6144:ycNYS996KFifeVjBpeExgVTFSXFoMc5RhCaL37hjWX:ycW7KEZlPzCy37hjWX

Score

10^/10

darkcomet tio discovery evasion persistence rat trojan upx

Static task

static1

upx tio darkcomet

3 signatures

Behavioral task

behavioral1

Sample

6a8f1e064f0b2da3fa45022c5ed1408256c8f12c9631442eb5930277916485f5.exe

Resource

win7-20240903-en

darkcomet tio discovery evasion persistence rat trojan upx

windows7-x64

20 signatures

120 seconds

Behavioral task

behavioral2

Sample

6a8f1e064f0b2da3fa45022c5ed1408256c8f12c9631442eb5930277916485f5.exe

Resource

win10v2004-20241007-en

darkcomet tio discovery evasion persistence rat trojan upx

windows10-2004-x64

21 signatures

120 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

tio

C2

2.82.41.139:80

Mutex

DC_MUTEX-277EST2

Attributes

InstallPath
MSDCSC\msdcsc.exe
gencode
EnEvlyl9AxvG
install
true
offline_keylogger
true
persistence
false
reg_key
MicroUpdate

Extracted

Family

darkcomet

Attributes

gencode
install
false
offline_keylogger
false
persistence
false

Targets

- Target
  
  6a8f1e064f0b2da3fa45022c5ed1408256c8f12c9631442eb5930277916485f5.exe
- Size
  
  283KB
- MD5
  
  bff9a9f371171e16afab59da8dfdc680
- SHA1
  
  4c5c35c997754b5d99907b4c4c1c45d08b37cc0f
- SHA256
  
  6a8f1e064f0b2da3fa45022c5ed1408256c8f12c9631442eb5930277916485f5
- SHA512
  
  e979fb4525aca5d8314bbc2c9e6241859771ac425606921260d2cd8d6e9aacb6c5d9a8105c3b260d9d4a7f7c88936077dd6375f69d5050331d679a3031b1ee64
- SSDEEP
  
  6144:ycNYS996KFifeVjBpeExgVTFSXFoMc5RhCaL37hjWX:ycW7KEZlPzCy37hjWX
Score

10^/10

darkcomet tio discovery evasion persistence rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Modifies WinLogon for persistence
  persistence
- Modifies firewall policy service
  evasion
- Modifies security service
  evasion
- Windows security bypass
  evasion trojan
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

upxtiodarkcomet

behavioral1

darkcomettiodiscoveryevasionpersistencerattrojanupx

behavioral2

darkcomettiodiscoveryevasionpersistencerattrojanupx

© 2018-2025

Terms | Privacy