darkcomet | 21c62920a70490cb443dc876a025423a55cf70918bbfbfc7121d8d1e47cf9026 | Triage

Submit
Reports

Overview

overview

Static

static

333ee32408...18.exe

windows7-x64

333ee32408...18.exe

windows10-2004-x64

Sharing

General

Target

333ee3240844040307c8f94dd8727432_JaffaCakes118
Size

251KB
Sample

241011-e2kmjsvfnc
MD5

333ee3240844040307c8f94dd8727432
SHA1

8f0286086d4fcc5cc86cd1273ebf81a6d1f59930
SHA256

21c62920a70490cb443dc876a025423a55cf70918bbfbfc7121d8d1e47cf9026
SHA512

24c9ccf72c18ff1983304846ed0b54c9debba6fe5ea41b7692d49ba0b021ee09b7fe45c1ad8ecc8b55192819ce9b9a01be23bb3dd85027d9f336bb2e5b966606
SSDEEP

6144:gcNYS996KFifeVjBpeExgVTFSXFoMc5RhCaL37:gcW7KEZlPzCy37

Score

10^/10

darkcomet guest16 discovery persistence rat trojan upx

Static task

static1

upx guest16 darkcomet

3 signatures

Behavioral task

behavioral1

Sample

333ee3240844040307c8f94dd8727432_JaffaCakes118.exe

Resource

win7-20240903-en

darkcomet guest16 discovery persistence rat trojan upx

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

333ee3240844040307c8f94dd8727432_JaffaCakes118.exe

Resource

win10v2004-20241007-en

darkcomet guest16 discovery persistence rat trojan upx

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

serveralpha.no-ip.biz:200

Mutex

DC_MUTEX-KL1WYTJ

Attributes

InstallPath
MSDCSC\msdcsc.exe
gencode
2V5Cy2WQxee7
install
true
offline_keylogger
true
persistence
true
reg_key
MicroUpdate

Targets

- Target
  
  333ee3240844040307c8f94dd8727432_JaffaCakes118
- Size
  
  251KB
- MD5
  
  333ee3240844040307c8f94dd8727432
- SHA1
  
  8f0286086d4fcc5cc86cd1273ebf81a6d1f59930
- SHA256
  
  21c62920a70490cb443dc876a025423a55cf70918bbfbfc7121d8d1e47cf9026
- SHA512
  
  24c9ccf72c18ff1983304846ed0b54c9debba6fe5ea41b7692d49ba0b021ee09b7fe45c1ad8ecc8b55192819ce9b9a01be23bb3dd85027d9f336bb2e5b966606
- SSDEEP
  
  6144:gcNYS996KFifeVjBpeExgVTFSXFoMc5RhCaL37:gcW7KEZlPzCy37
Score

10^/10

darkcomet guest16 discovery persistence rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

upxguest16darkcomet

behavioral1

darkcometguest16discoverypersistencerattrojanupx

behavioral2

darkcometguest16discoverypersistencerattrojanupx

© 2018-2025

Terms | Privacy