darkcomet | e79a2e9a7c18dd17e15ebbf30cfd9d445b6fd81c55b53b2ad1eea96b64bdfc80 | Triage

Submit
Reports

Overview

overview

Static

static

3

JaffaCakes...10.exe

windows7-x64

JaffaCakes...10.exe

windows10-2004-x64

3

Sharing

General

Target

JaffaCakes118_608219cba6663346e66932c65ab3ea10
Size

360KB
Sample

250101-zalqrasqas
MD5

608219cba6663346e66932c65ab3ea10
SHA1

f340a899c50dc4a73b289ed83bf332341e9999db
SHA256

e79a2e9a7c18dd17e15ebbf30cfd9d445b6fd81c55b53b2ad1eea96b64bdfc80
SHA512

16d9052af7a10032c4d4717c319633948ff5d43b552edf8558a8eecd1ccbd2779717e8568351b6d2b01180d8af8df174fc80035b8b5839fa0152c68ecf6da823
SSDEEP

6144:yEQgDCz8aHlgiFMD1AjP4eIBYkDnmC5q+jHbMpHTcHInL80HO:y8gPTjSM+jIpHTcc

Score

10^/10

darkcomet new16 discovery persistence rat trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_608219cba6663346e66932c65ab3ea10.exe

Resource

win7-20240903-en

darkcomet new16 discovery persistence rat trojan upx

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_608219cba6663346e66932c65ab3ea10.exe

Resource

win10v2004-20241007-en

windows10-2004-x64

2 signatures

150 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

NEW16

C2

95.211.195.1:50045

94.242.252.66:50045

Mutex

DC_MUTEX-WD09Q5C

Attributes

gencode
N3qG1nSVu7yX
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  JaffaCakes118_608219cba6663346e66932c65ab3ea10
- Size
  
  360KB
- MD5
  
  608219cba6663346e66932c65ab3ea10
- SHA1
  
  f340a899c50dc4a73b289ed83bf332341e9999db
- SHA256
  
  e79a2e9a7c18dd17e15ebbf30cfd9d445b6fd81c55b53b2ad1eea96b64bdfc80
- SHA512
  
  16d9052af7a10032c4d4717c319633948ff5d43b552edf8558a8eecd1ccbd2779717e8568351b6d2b01180d8af8df174fc80035b8b5839fa0152c68ecf6da823
- SSDEEP
  
  6144:yEQgDCz8aHlgiFMD1AjP4eIBYkDnmC5q+jHbMpHTcHInL80HO:y8gPTjSM+jIpHTcc
Score

10^/10

darkcomet new16 discovery persistence rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometnew16discoverypersistencerattrojanupx

behavioral2

© 2018-2025

Terms | Privacy