darkcomet | 89c08f9425b6ccc85624c6701ffa6af10a2596935c2a2347f574cc7b40dc9ecb | Triage

Submit
Reports

Overview

overview

Static

static

5

89c08f9425...cb.exe

windows7-x64

89c08f9425...cb.exe

windows10-2004-x64

Sharing

General

Target

89c08f9425b6ccc85624c6701ffa6af10a2596935c2a2347f574cc7b40dc9ecb.exe
Size

576KB
Sample

250323-w7pbcsvk17
MD5

ea4445e41347ed5e6d5cc9efa9870c49
SHA1

afc184e6231a3a7ab018fa0454d599707533115e
SHA256

89c08f9425b6ccc85624c6701ffa6af10a2596935c2a2347f574cc7b40dc9ecb
SHA512

ce8093844144ff3ff81b479f325f25bb4b26ed447cc0f07a3fa9cba23ca601c1136ccee9c097d9da76314068362cb89d584d90ee0672b0b4b3c82f318bfbfb77
SSDEEP

12288:+NWPkHlUkErBuxQ4uzi6d6dL/yiXLzeMdK6io8levy0FhVlpzkzDDoS7:+NWPkHlUfBgpuPdWzyuDTifgyWlo

Score

10^/10

darkcomet toaksbitch discovery persistence rat trojan upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

89c08f9425b6ccc85624c6701ffa6af10a2596935c2a2347f574cc7b40dc9ecb.exe

Resource

win7-20250207-en

darkcomet toaksbitch discovery persistence rat trojan upx

windows7-x64

15 signatures

120 seconds

Behavioral task

behavioral2

Sample

89c08f9425b6ccc85624c6701ffa6af10a2596935c2a2347f574cc7b40dc9ecb.exe

Resource

win10v2004-20250314-en

darkcomet toaksbitch discovery persistence rat trojan upx

windows10-2004-x64

15 signatures

120 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

ToaksBitch

C2

letsgoboom.no-ip.info:1604

Mutex

DC_MUTEX-ADL2HN0

Attributes

gencode
vwp1Z9lmZ3Pj
install
false
offline_keylogger
true
password
runescaped
persistence
false

rc4.plain

Targets

- Target
  
  89c08f9425b6ccc85624c6701ffa6af10a2596935c2a2347f574cc7b40dc9ecb.exe
- Size
  
  576KB
- MD5
  
  ea4445e41347ed5e6d5cc9efa9870c49
- SHA1
  
  afc184e6231a3a7ab018fa0454d599707533115e
- SHA256
  
  89c08f9425b6ccc85624c6701ffa6af10a2596935c2a2347f574cc7b40dc9ecb
- SHA512
  
  ce8093844144ff3ff81b479f325f25bb4b26ed447cc0f07a3fa9cba23ca601c1136ccee9c097d9da76314068362cb89d584d90ee0672b0b4b3c82f318bfbfb77
- SSDEEP
  
  12288:+NWPkHlUkErBuxQ4uzi6d6dL/yiXLzeMdK6io8levy0FhVlpzkzDDoS7:+NWPkHlUfBgpuPdWzyuDTifgyWlo
Score

10^/10

darkcomet toaksbitch discovery persistence rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcomettoaksbitchdiscoverypersistencerattrojanupx

behavioral2

darkcomettoaksbitchdiscoverypersistencerattrojanupx

© 2018-2025

Terms | Privacy