darkcomet | dbdbee96e293e811fd197aaaa978b11d4c4752e5adad83cd977c835f349d65ef | Triage

Submit
Reports

Overview

overview

Static

static

5

2e3304da8d...18.exe

windows7-x64

2e3304da8d...18.exe

windows10-2004-x64

Sharing

General

Target

2e3304da8d9a54d3a7fb228e19db8f72_JaffaCakes118
Size

230KB
Sample

241009-kr54dsvfkg
MD5

2e3304da8d9a54d3a7fb228e19db8f72
SHA1

91ca6dc5965c5baae9683968d59ad668ff426787
SHA256

dbdbee96e293e811fd197aaaa978b11d4c4752e5adad83cd977c835f349d65ef
SHA512

65d785b294cb4e67e35d546da62db65a7f2e98650e681b31ee4ba0c3e7ad13a3c5fb437262d7607b10f720ba4186ba8e20e2bf1a74769764c27d6b423938a75c
SSDEEP

6144:V0eLNExQ3gmAG2j7580UJpvNH4TiXfBhkMgDVUqdgtcpgoS:VUQ4GA5sp+qBhi1HgoS

Score

10^/10

darkcomet nasit discovery persistence rat trojan upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

2e3304da8d9a54d3a7fb228e19db8f72_JaffaCakes118.exe

Resource

win7-20240903-en

darkcomet nasit discovery persistence rat trojan upx

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

2e3304da8d9a54d3a7fb228e19db8f72_JaffaCakes118.exe

Resource

win10v2004-20241007-en

darkcomet nasit discovery persistence rat trojan upx

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

nasit

C2

88.254.114.62:1604

Mutex

DCMIN_MUTEX-TSEC6XJ

Attributes

InstallPath
DCSCMIN\IMDCSC.exe
gencode
HWaUf6XVhyqZ
install
true
offline_keylogger
true
persistence
false
reg_key
dnr

Targets

- Target
  
  2e3304da8d9a54d3a7fb228e19db8f72_JaffaCakes118
- Size
  
  230KB
- MD5
  
  2e3304da8d9a54d3a7fb228e19db8f72
- SHA1
  
  91ca6dc5965c5baae9683968d59ad668ff426787
- SHA256
  
  dbdbee96e293e811fd197aaaa978b11d4c4752e5adad83cd977c835f349d65ef
- SHA512
  
  65d785b294cb4e67e35d546da62db65a7f2e98650e681b31ee4ba0c3e7ad13a3c5fb437262d7607b10f720ba4186ba8e20e2bf1a74769764c27d6b423938a75c
- SSDEEP
  
  6144:V0eLNExQ3gmAG2j7580UJpvNH4TiXfBhkMgDVUqdgtcpgoS:VUQ4GA5sp+qBhi1HgoS
Score

10^/10

darkcomet nasit discovery persistence rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometnasitdiscoverypersistencerattrojanupx

behavioral2

darkcometnasitdiscoverypersistencerattrojanupx

© 2018-2025

Terms | Privacy