darkcomet | 7ecb64fe1dc2bfa8633881618e70cc66f124e2c604c850956c1250c5f4754b92 | Triage

Submit
Reports

Overview

overview

Static

static

JaffaCakes...08.exe

windows7-x64

JaffaCakes...08.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_63eef19448b880dc55a3a52bc9a8da08
Size

284KB
Sample

250102-ks6fjsxjdr
MD5

63eef19448b880dc55a3a52bc9a8da08
SHA1

93bb46edb40c00d4d2601f9662076e1565594683
SHA256

7ecb64fe1dc2bfa8633881618e70cc66f124e2c604c850956c1250c5f4754b92
SHA512

0a33f1554c831c6704830016b93eed51d1916ab8f51d9871c42542ffac31c28bec2b61b4d8fba1c298c6dda1d07ec4ae9301b2b511506e03f0a1fea3cff8138a
SSDEEP

6144:Flb6SDOiIN4o2cOMayarS0IjX7n6wXmzbBFX:F0Siiu2cOMayaZerXXmhFX

Score

10^/10

darkcomet discovery persistence rat trojan upx

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_63eef19448b880dc55a3a52bc9a8da08.exe

Resource

win7-20241023-en

darkcomet discovery persistence rat trojan upx

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_63eef19448b880dc55a3a52bc9a8da08.exe

Resource

win10v2004-20241007-en

darkcomet discovery persistence rat trojan upx

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  JaffaCakes118_63eef19448b880dc55a3a52bc9a8da08
- Size
  
  284KB
- MD5
  
  63eef19448b880dc55a3a52bc9a8da08
- SHA1
  
  93bb46edb40c00d4d2601f9662076e1565594683
- SHA256
  
  7ecb64fe1dc2bfa8633881618e70cc66f124e2c604c850956c1250c5f4754b92
- SHA512
  
  0a33f1554c831c6704830016b93eed51d1916ab8f51d9871c42542ffac31c28bec2b61b4d8fba1c298c6dda1d07ec4ae9301b2b511506e03f0a1fea3cff8138a
- SSDEEP
  
  6144:Flb6SDOiIN4o2cOMayarS0IjX7n6wXmzbBFX:F0Siiu2cOMayaZerXXmhFX
Score

10^/10

darkcomet discovery persistence rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Modifies WinLogon for persistence
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometdiscoverypersistencerattrojanupx

behavioral2

darkcometdiscoverypersistencerattrojanupx

© 2018-2025

Terms | Privacy