darkcomet | 1b381d766da86aa6b98f53bc3006658909538ee3314f6b713fbec64a266c1623 | Triage

Submit
Reports

Overview

overview

Static

static

3

JaffaCakes...af.exe

windows7-x64

JaffaCakes...af.exe

windows10-2004-x64

7

Sharing

General

Target

JaffaCakes118_61fdf49099469563aa4442c198855baf
Size

1.1MB
Sample

250102-chal5azkfr
MD5

61fdf49099469563aa4442c198855baf
SHA1

6a9965e6691ed6132dd968e2a1ff08e8594eb672
SHA256

1b381d766da86aa6b98f53bc3006658909538ee3314f6b713fbec64a266c1623
SHA512

a33badc4a7187178dd2609456746951a6347fc26431d4e5ed36cec98d0842f7c1a998e2c4096f947f1deadc364a92702fcd6f410b0882fda55d658efa8b7a78f
SSDEEP

24576:fafGiYtto6oCfd0+X7Q3CiTApWsN1X7Q7Fsx2k2Y:U0pZRHWsL7Us8

Score

10^/10

darkcomet discovery persistence rat trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_61fdf49099469563aa4442c198855baf.exe

Resource

win7-20240903-en

darkcomet discovery persistence rat trojan upx

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_61fdf49099469563aa4442c198855baf.exe

Resource

win10v2004-20241007-en

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  JaffaCakes118_61fdf49099469563aa4442c198855baf
- Size
  
  1.1MB
- MD5
  
  61fdf49099469563aa4442c198855baf
- SHA1
  
  6a9965e6691ed6132dd968e2a1ff08e8594eb672
- SHA256
  
  1b381d766da86aa6b98f53bc3006658909538ee3314f6b713fbec64a266c1623
- SHA512
  
  a33badc4a7187178dd2609456746951a6347fc26431d4e5ed36cec98d0842f7c1a998e2c4096f947f1deadc364a92702fcd6f410b0882fda55d658efa8b7a78f
- SSDEEP
  
  24576:fafGiYtto6oCfd0+X7Q3CiTApWsN1X7Q7Fsx2k2Y:U0pZRHWsL7Us8
Score

10^/10

darkcomet discovery persistence rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Modifies WinLogon for persistence
  persistence
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometdiscoverypersistencerattrojanupx

behavioral2

© 2018-2025

Terms | Privacy