darkcomet | 9c5d33e58b7ef0eeb97ed7fe1f74f300949e9cab6e2354b0ad1cd3dc756bfcb9 | Triage

Submit
Reports

Overview

overview

Static

static

9c5d33e58b...b9.exe

windows7-x64

9c5d33e58b...b9.exe

windows10-2004-x64

Sharing

General

Target

9c5d33e58b7ef0eeb97ed7fe1f74f300949e9cab6e2354b0ad1cd3dc756bfcb9
Size

349KB
Sample

250221-e5r6sstkfm
MD5

ebef4f6c9ac0f0745df09a213224741d
SHA1

25e2d51e8be6e517822833fcb435cb772dfa49a9
SHA256

9c5d33e58b7ef0eeb97ed7fe1f74f300949e9cab6e2354b0ad1cd3dc756bfcb9
SHA512

ecc5a3cd54b3a92f359e1628739f361a1f26c03c19b6c454482c93a1e33c583454725bbda7b5cc98ee9d8b72ae8c1bf9e6b75b1f4ca0b248d4cf1f0cdd8cf3f8
SSDEEP

6144:QcNYS996KFifeVjBpeExgVTFSXFoMc5RhCaL37aplvccV:QcW7KEZlPzCy372UcV

Score

10^/10

darkcomet guest16 defense_evasion discovery persistence rat trojan upx

Static task

static1

upx guest16 darkcomet

3 signatures

Behavioral task

behavioral1

Sample

9c5d33e58b7ef0eeb97ed7fe1f74f300949e9cab6e2354b0ad1cd3dc756bfcb9.exe

Resource

win7-20240903-en

darkcomet guest16 defense_evasion discovery persistence rat trojan upx

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

9c5d33e58b7ef0eeb97ed7fe1f74f300949e9cab6e2354b0ad1cd3dc756bfcb9.exe

Resource

win10v2004-20250217-en

darkcomet guest16 defense_evasion discovery persistence rat trojan upx

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

5.178.3.137:1604

Mutex

DC_MUTEX-R0H3Q6N

Attributes

InstallPath
MSDCSC\msdcsc.exe
gencode
7JuUygohJeRF
install
true
offline_keylogger
true
persistence
false
reg_key
MicroUpdate

rc4.plain

Targets

- Target
  
  9c5d33e58b7ef0eeb97ed7fe1f74f300949e9cab6e2354b0ad1cd3dc756bfcb9
- Size
  
  349KB
- MD5
  
  ebef4f6c9ac0f0745df09a213224741d
- SHA1
  
  25e2d51e8be6e517822833fcb435cb772dfa49a9
- SHA256
  
  9c5d33e58b7ef0eeb97ed7fe1f74f300949e9cab6e2354b0ad1cd3dc756bfcb9
- SHA512
  
  ecc5a3cd54b3a92f359e1628739f361a1f26c03c19b6c454482c93a1e33c583454725bbda7b5cc98ee9d8b72ae8c1bf9e6b75b1f4ca0b248d4cf1f0cdd8cf3f8
- SSDEEP
  
  6144:QcNYS996KFifeVjBpeExgVTFSXFoMc5RhCaL37aplvccV:QcW7KEZlPzCy372UcV
Score

10^/10

darkcomet guest16 defense_evasion discovery persistence rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Modifies WinLogon for persistence
  persistence
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  defense_evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

upxguest16darkcomet

behavioral1

darkcometguest16defense_evasiondiscoverypersistencerattrojanupx

behavioral2

darkcometguest16defense_evasiondiscoverypersistencerattrojanupx

© 2018-2025

Terms | Privacy