darkcomet | 1bb857d88658a768525b56c6078b3595de3493f20ad11dd835ca88cde39ea630 | Triage

Submit
Reports

Overview

overview

Static

static

3

5d1867a42f...18.exe

windows7-x64

5d1867a42f...18.exe

windows10-2004-x64

Sharing

General

Target

5d1867a42f169529137322d8801a7fa9_JaffaCakes118
Size

455KB
Sample

240719-wvdn4atdkj
MD5

5d1867a42f169529137322d8801a7fa9
SHA1

0de270b151b42984c632232b578b5b3e09b441d4
SHA256

1bb857d88658a768525b56c6078b3595de3493f20ad11dd835ca88cde39ea630
SHA512

5fba551d7e620ec085490999a011aac6ff45ad9b446f057e4482b34589ec991adf818d07924c2d875b7bb0b306075e28a8be38e7a7062ff5cffab877a30dd2c5
SSDEEP

6144:lUTE/NY+73sDjmYglQ1h7tB/KrCS7lz7WEua6PvM86a2nwSzvkQSKkE/WCQtHBxS:aT0NY+7aqYgi1hqJEEl8WMQSKkE/LVJ

Score

10^/10

darkcomet latentbot guest16 evasion rat trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

5d1867a42f169529137322d8801a7fa9_JaffaCakes118.exe

Resource

win7-20240708-en

darkcomet latentbot guest16 evasion rat trojan upx

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

5d1867a42f169529137322d8801a7fa9_JaffaCakes118.exe

Resource

win10v2004-20240709-en

darkcomet latentbot guest16 evasion rat trojan upx

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

darkcometsa.zapto.org:1604

Mutex

DC_MUTEX-F54S21D

Attributes

gencode
UPksglL72mhy
install
false
offline_keylogger
true
persistence
false

Extracted

Family

latentbot

C2

darkcometsa.zapto.org

Targets

- Target
  
  5d1867a42f169529137322d8801a7fa9_JaffaCakes118
- Size
  
  455KB
- MD5
  
  5d1867a42f169529137322d8801a7fa9
- SHA1
  
  0de270b151b42984c632232b578b5b3e09b441d4
- SHA256
  
  1bb857d88658a768525b56c6078b3595de3493f20ad11dd835ca88cde39ea630
- SHA512
  
  5fba551d7e620ec085490999a011aac6ff45ad9b446f057e4482b34589ec991adf818d07924c2d875b7bb0b306075e28a8be38e7a7062ff5cffab877a30dd2c5
- SSDEEP
  
  6144:lUTE/NY+73sDjmYglQ1h7tB/KrCS7lz7WEua6PvM86a2nwSzvkQSKkE/WCQtHBxS:aT0NY+7aqYgi1hqJEEl8WMQSKkE/LVJ
Score

10^/10

darkcomet latentbot guest16 evasion rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- LatentBot
  Modular trojan written in Delphi which has been in-the-wild since 2013.
  trojan latentbot
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometlatentbotguest16evasionrattrojanupx

behavioral2

darkcometlatentbotguest16evasionrattrojanupx

© 2018-2025

Terms | Privacy