darkcomet | 71e9c343e1350db04d97d960f91163ea0d8c33d8149ab6225b0e018e8c161181 | Triage

Submit
Reports

Overview

overview

Static

static

3

67abc4d851...18.exe

windows7-x64

67abc4d851...18.exe

windows10-2004-x64

Sharing

General

Target

67abc4d8511bef88b5cd7b5884951bf5_JaffaCakes118
Size

653KB
Sample

240723-p4j4xatdnh
MD5

67abc4d8511bef88b5cd7b5884951bf5
SHA1

1e6e8907e291bb71e3d2d1b5050be3a60d39f646
SHA256

71e9c343e1350db04d97d960f91163ea0d8c33d8149ab6225b0e018e8c161181
SHA512

bdd62c7d12dad525a874c689a4f46c7ff068eb2b96620a6945b87ca6e66db54f21652c26ca10eae286f048accf634f1af85aff2439fd4985f596f3108bcd8b7a
SSDEEP

12288:I5MlYxLWIpdgFFyIJjr2I9hPUkxuJzRUL9pYe2Xduxni+Tj:Ia4WLbJH2Wdx0JzRULjn2aT

Score

10^/10

darkcomet latentbot outbound persistence rat trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

67abc4d8511bef88b5cd7b5884951bf5_JaffaCakes118.exe

Resource

win7-20240704-en

darkcomet latentbot outbound persistence rat trojan upx

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

67abc4d8511bef88b5cd7b5884951bf5_JaffaCakes118.exe

Resource

win10v2004-20240709-en

darkcomet latentbot outbound persistence rat trojan upx

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

Outbound

C2

darkcometsa.zapto.org:1604

Mutex

DC_MUTEX-DTNGSWK

Attributes

gencode
83vLgsEx21jQ
install
false
offline_keylogger
true
password
mikeyj4711
persistence
false

Extracted

Family

latentbot

C2

darkcometsa.zapto.org

Targets

- Target
  
  67abc4d8511bef88b5cd7b5884951bf5_JaffaCakes118
- Size
  
  653KB
- MD5
  
  67abc4d8511bef88b5cd7b5884951bf5
- SHA1
  
  1e6e8907e291bb71e3d2d1b5050be3a60d39f646
- SHA256
  
  71e9c343e1350db04d97d960f91163ea0d8c33d8149ab6225b0e018e8c161181
- SHA512
  
  bdd62c7d12dad525a874c689a4f46c7ff068eb2b96620a6945b87ca6e66db54f21652c26ca10eae286f048accf634f1af85aff2439fd4985f596f3108bcd8b7a
- SSDEEP
  
  12288:I5MlYxLWIpdgFFyIJjr2I9hPUkxuJzRUL9pYe2Xduxni+Tj:Ia4WLbJH2Wdx0JzRULjn2aT
Score

10^/10

darkcomet latentbot outbound persistence rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- LatentBot
  Modular trojan written in Delphi which has been in-the-wild since 2013.
  trojan latentbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometlatentbotoutboundpersistencerattrojanupx

behavioral2

darkcometlatentbotoutboundpersistencerattrojanupx

© 2018-2025

Terms | Privacy