darkcomet | 1736d604d6c8a14948ebe5386727ca3de215e1163904eac094b39769b8faea64 | Triage

Submit
Reports

Overview

overview

Static

static

3

JaffaCakes...6f.exe

windows7-x64

JaffaCakes...6f.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_25fef2629b1a28be76522da59a85506f
Size

850KB
Sample

241231-s75rkazler
MD5

25fef2629b1a28be76522da59a85506f
SHA1

e1c6b2ac497f253cb03aa69505111532b4241a38
SHA256

1736d604d6c8a14948ebe5386727ca3de215e1163904eac094b39769b8faea64
SHA512

8656b9393d45dda010013825238b8254404b89316511b66877f78ad5b61008cb4d50e48e749cb646ada5891299b85dd7342336b4024e034865cfa07d47e08617
SSDEEP

12288:j6qvGvd8EgWCKXtWxWT56LbdJ0Ua0c1xHVkPyjRIBTK+jUOq6fgJg0Ges/5rBY6:hvGvd8HK9hwLbdJp6/kIo7f

Score

10^/10

darkcomet guest16 discovery evasion rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_25fef2629b1a28be76522da59a85506f.exe

Resource

win7-20241010-en

darkcomet guest16 discovery evasion rat trojan

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_25fef2629b1a28be76522da59a85506f.exe

Resource

win10v2004-20241007-en

darkcomet guest16 discovery evasion rat trojan

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

6.tcp.ngrok.io:10371

Mutex

DC_MUTEX-6TC6YTT

Attributes

gencode
6Wpjj0ueCN6h
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  JaffaCakes118_25fef2629b1a28be76522da59a85506f
- Size
  
  850KB
- MD5
  
  25fef2629b1a28be76522da59a85506f
- SHA1
  
  e1c6b2ac497f253cb03aa69505111532b4241a38
- SHA256
  
  1736d604d6c8a14948ebe5386727ca3de215e1163904eac094b39769b8faea64
- SHA512
  
  8656b9393d45dda010013825238b8254404b89316511b66877f78ad5b61008cb4d50e48e749cb646ada5891299b85dd7342336b4024e034865cfa07d47e08617
- SSDEEP
  
  12288:j6qvGvd8EgWCKXtWxWT56LbdJ0Ua0c1xHVkPyjRIBTK+jUOq6fgJg0Ges/5rBY6:hvGvd8HK9hwLbdJp6/kIo7f
Score

10^/10

darkcomet guest16 discovery evasion rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Disables Task Manager via registry modification
  evasion
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometguest16discoveryevasionrattrojan

behavioral2

darkcometguest16discoveryevasionrattrojan

© 2018-2025

Terms | Privacy