darkcomet | a0025a6cf0dfdaa08349dbe3e13264d24e2b8f8d6f43f99ba5427c7de6c1f93c | Triage

Submit
Reports

Overview

overview

Static

static

5

f7fde5fd97...18.exe

windows7-x64

f7fde5fd97...18.exe

windows10-2004-x64

Sharing

General

Target

f7fde5fd9701a66a2278c15cb93d64a4_JaffaCakes118
Size

1.1MB
Sample

240926-knmsms1anh
MD5

f7fde5fd9701a66a2278c15cb93d64a4
SHA1

87e16c270fa099abc8730b6c71bb41fce3e56893
SHA256

a0025a6cf0dfdaa08349dbe3e13264d24e2b8f8d6f43f99ba5427c7de6c1f93c
SHA512

810577649f7699ed58e024023cf56945ae9d1f1cb6d29ba09f39c3fbcce3afab35e511cdf98587ab9c0eb0d8e0c7fc29518c6c8582cdd3960ba2fe69188e5d1c
SSDEEP

24576:jthEVaPqLvupTc6GT42PVIKMRpSEKZsvWXzlwyN6Mug3iqw:3EVUcAcjWK+sTQo5w0B3E

Score

10^/10

darkcomet latentbot pedo discovery persistence rat trojan upx

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

f7fde5fd9701a66a2278c15cb93d64a4_JaffaCakes118.exe

Resource

win7-20240708-en

darkcomet latentbot pedo discovery persistence rat trojan upx

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

f7fde5fd9701a66a2278c15cb93d64a4_JaffaCakes118.exe

Resource

win10v2004-20240802-en

darkcomet latentbot pedo discovery persistence rat trojan upx

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

Pedo

C2

kl0w.no-ip.org:1604

mozillaproxy.zapto.org:1604

Mutex

DC_MUTEX-DP8F6B1

Attributes

gencode
ACM2WY4UF9FU
install
false
offline_keylogger
true
persistence
false

Extracted

Family

latentbot

C2

mozillaproxy.zapto.org

Targets

- Target
  
  f7fde5fd9701a66a2278c15cb93d64a4_JaffaCakes118
- Size
  
  1.1MB
- MD5
  
  f7fde5fd9701a66a2278c15cb93d64a4
- SHA1
  
  87e16c270fa099abc8730b6c71bb41fce3e56893
- SHA256
  
  a0025a6cf0dfdaa08349dbe3e13264d24e2b8f8d6f43f99ba5427c7de6c1f93c
- SHA512
  
  810577649f7699ed58e024023cf56945ae9d1f1cb6d29ba09f39c3fbcce3afab35e511cdf98587ab9c0eb0d8e0c7fc29518c6c8582cdd3960ba2fe69188e5d1c
- SSDEEP
  
  24576:jthEVaPqLvupTc6GT42PVIKMRpSEKZsvWXzlwyN6Mug3iqw:3EVUcAcjWK+sTQo5w0B3E
Score

10^/10

darkcomet latentbot pedo discovery persistence rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- LatentBot
  Modular trojan written in Delphi which has been in-the-wild since 2013.
  trojan latentbot
- Adds Run key to start application
  persistence
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometlatentbotpedodiscoverypersistencerattrojanupx

behavioral2

darkcometlatentbotpedodiscoverypersistencerattrojanupx

© 2018-2025

Terms | Privacy