darkcomet | 56d44f1bc684d5b24308fdcf2cc9e25adbe7a96f170900e978f2120a6f10f826 | Triage

Submit
Reports

Overview

overview

Static

static

5

JaffaCakes...91.exe

windows7-x64

JaffaCakes...91.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_55b2a24013188c8edd410d3feef91291
Size

929KB
Sample

250101-pzx5zaxngp
MD5

55b2a24013188c8edd410d3feef91291
SHA1

4b61c2e4ceb1bec720865285343d6dbdf31191fe
SHA256

56d44f1bc684d5b24308fdcf2cc9e25adbe7a96f170900e978f2120a6f10f826
SHA512

fec50faedf68bbe02a33c4bc8a4abef50b0fbb8d9ecd0c15f2695e48234b2cbaa382782c322d5778c7840c20a7f927439ef5c1fedbe29924f436fec8c647800b
SSDEEP

24576:k15XqaF/hrSj2yydT2SLsUmVzMA5o8KnZ1PMQ3B:kfjjArK6xzMo/KnrPMQR

Score

10^/10

darkcomet mini absolute discovery persistence rat spyware stealer trojan upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_55b2a24013188c8edd410d3feef91291.exe

Resource

win7-20240903-en

darkcomet mini absolute discovery persistence rat spyware stealer trojan upx

windows7-x64

19 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_55b2a24013188c8edd410d3feef91291.exe

Resource

win10v2004-20241007-en

darkcomet mini absolute discovery rat trojan upx

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

Mini Absolute

C2

kallysky.no-ip.biz:100

Mutex

DCMIN_MUTEX-Y9S6G37

Attributes

gencode
0KU1aR0S8e4r
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  JaffaCakes118_55b2a24013188c8edd410d3feef91291
- Size
  
  929KB
- MD5
  
  55b2a24013188c8edd410d3feef91291
- SHA1
  
  4b61c2e4ceb1bec720865285343d6dbdf31191fe
- SHA256
  
  56d44f1bc684d5b24308fdcf2cc9e25adbe7a96f170900e978f2120a6f10f826
- SHA512
  
  fec50faedf68bbe02a33c4bc8a4abef50b0fbb8d9ecd0c15f2695e48234b2cbaa382782c322d5778c7840c20a7f927439ef5c1fedbe29924f436fec8c647800b
- SSDEEP
  
  24576:k15XqaF/hrSj2yydT2SLsUmVzMA5o8KnZ1PMQ3B:kfjjArK6xzMo/KnrPMQR
Score

10^/10

darkcomet mini absolute discovery persistence rat spyware stealer trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Reads WinSCP keys stored on the system
  Tries to access WinSCP stored sessions.
  spyware stealer
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials in Registry

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometmini absolutediscoverypersistenceratspywarestealertrojanupx

behavioral2

darkcometmini absolutediscoveryrattrojanupx

© 2018-2025

Terms | Privacy