darkcomet | e606eceb6e1428a830248465b97c5c691fdf7171d3c44bb78c884b080613755b | Triage

Submit
Reports

Overview

overview

Static

static

3

49cbcef1bf...18.exe

windows7-x64

49cbcef1bf...18.exe

windows10-2004-x64

Sharing

General

Target

49cbcef1bf022bd809668f51a63c2381_JaffaCakes118
Size

467KB
Sample

241015-yzlllsyfmq
MD5

49cbcef1bf022bd809668f51a63c2381
SHA1

d8297a28b2215256b439036ab3ceec068673abe2
SHA256

e606eceb6e1428a830248465b97c5c691fdf7171d3c44bb78c884b080613755b
SHA512

07eb7808b5cc8aee219e81347ed2f0abf3f8f4f71b1ac5f23e1ec160f589ed8c5746e07fa4c64f57a9e5f664b40d2513d0ff6994d8cd30e009d06f766c62280c
SSDEEP

12288:y8eC4YWdJCwMbYGN1UUNEYZUGfU1P8exOP77K1L6lp2:voYCC/3nUw7zfckmOahqp2

Score

10^/10

darkcomet xxxcmeptbxxx discovery persistence rat trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

49cbcef1bf022bd809668f51a63c2381_JaffaCakes118.exe

Resource

win7-20241010-en

darkcomet xxxcmeptbxxx discovery persistence rat trojan upx

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

49cbcef1bf022bd809668f51a63c2381_JaffaCakes118.exe

Resource

win10v2004-20241007-en

darkcomet xxxcmeptbxxx discovery persistence rat trojan upx

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

xXxCMEPTbxXx

C2

xxxcmeptbxxx.no-ip.biz:1604

Mutex

DCMIN_MUTEX-ZL5UMLB

Attributes

InstallPath
Update\ctlmon.exe
gencode
f11Hma1FJk9W
install
true
offline_keylogger
true
persistence
false
reg_key
�� Microsoft WINDOWS

Targets

- Target
  
  49cbcef1bf022bd809668f51a63c2381_JaffaCakes118
- Size
  
  467KB
- MD5
  
  49cbcef1bf022bd809668f51a63c2381
- SHA1
  
  d8297a28b2215256b439036ab3ceec068673abe2
- SHA256
  
  e606eceb6e1428a830248465b97c5c691fdf7171d3c44bb78c884b080613755b
- SHA512
  
  07eb7808b5cc8aee219e81347ed2f0abf3f8f4f71b1ac5f23e1ec160f589ed8c5746e07fa4c64f57a9e5f664b40d2513d0ff6994d8cd30e009d06f766c62280c
- SSDEEP
  
  12288:y8eC4YWdJCwMbYGN1UUNEYZUGfU1P8exOP77K1L6lp2:voYCC/3nUw7zfckmOahqp2
Score

10^/10

darkcomet xxxcmeptbxxx discovery persistence rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Modifies WinLogon for persistence
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometxxxcmeptbxxxdiscoverypersistencerattrojanupx

behavioral2

darkcometxxxcmeptbxxxdiscoverypersistencerattrojanupx

© 2018-2025

Terms | Privacy