darkcomet | ca8fe5d792569f5e866d1a5b173de5fc9158b4e597e416fab89600abd7ac485c | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

JaffaCakes...90.exe

windows7-x64

JaffaCakes...90.exe

windows10-2004-x64

3

Sharing

General

Target

JaffaCakes118_617c0618203542d377000e452828f790
Size

952KB
Sample

250102-ahxqjsslgx
MD5

617c0618203542d377000e452828f790
SHA1

79a66972ca16b3b43723e26aaf1701a36668746e
SHA256

ca8fe5d792569f5e866d1a5b173de5fc9158b4e597e416fab89600abd7ac485c
SHA512

eead965c2929d0b52cf823d7d08ce9c16c2ab4bcd579236266f0d2695060c2c4c6c6d310e9b82746436fc04d69c78d70caff0edebd72be272091ad1490857ec1
SSDEEP

12288:byyy7Z3z4I8NXOGjwwG/ZjXsAHHz79p9NM5Tz103j2CF4TxQUOfhVPOSAE//VAci:baCI2OewFJN4mkxyHnnew1SatLRzD

Score

10^/10

darkcomet discovery persistence rat trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_617c0618203542d377000e452828f790.exe

Resource

win7-20240903-en

darkcomet discovery persistence rat trojan upx

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_617c0618203542d377000e452828f790.exe

Resource

win10v2004-20241007-en

windows10-2004-x64

3 signatures

150 seconds

Malware Config

Targets

- Target
  
  JaffaCakes118_617c0618203542d377000e452828f790
- Size
  
  952KB
- MD5
  
  617c0618203542d377000e452828f790
- SHA1
  
  79a66972ca16b3b43723e26aaf1701a36668746e
- SHA256
  
  ca8fe5d792569f5e866d1a5b173de5fc9158b4e597e416fab89600abd7ac485c
- SHA512
  
  eead965c2929d0b52cf823d7d08ce9c16c2ab4bcd579236266f0d2695060c2c4c6c6d310e9b82746436fc04d69c78d70caff0edebd72be272091ad1490857ec1
- SSDEEP
  
  12288:byyy7Z3z4I8NXOGjwwG/ZjXsAHHz79p9NM5Tz103j2CF4TxQUOfhVPOSAE//VAci:baCI2OewFJN4mkxyHnnew1SatLRzD
Score

10^/10

darkcomet discovery persistence rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometdiscoverypersistencerattrojanupx

behavioral2

© 2018-2025

Terms | Privacy