darkcomet | 80e1040e15f16c0c2d4f0247e592c4fed6755c983015c65cd20d8cc610f16cdb | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

7

JaffaCakes...09.exe

windows7-x64

JaffaCakes...09.exe

windows10-2004-x64

3

Sharing

General

Target

JaffaCakes118_b7a0b8ea2827df3b218c67f3e777a109
Size

1.5MB
Sample

250207-qzpn9stqbl
MD5

b7a0b8ea2827df3b218c67f3e777a109
SHA1

8b561a71fb61b65a275cb419c3281706fc8c1c5c
SHA256

80e1040e15f16c0c2d4f0247e592c4fed6755c983015c65cd20d8cc610f16cdb
SHA512

2899ece6d8b6b298022381503a6fdebf0b8e68426f9cf0e93e07d2b9a4b16a1f8e9777ea3824a59a1fa7bea388ebf64802dd76ee6aca545388135a527283869c
SSDEEP

24576:OuE46KWUVT9VcqBT66OD8ivpO4R57d+bc6QqIRPZvExBxH:OueKTVT9VW6OD/fvdocnPZ2Bh

Score

10^/10

darkcomet guest11 defense_evasion discovery persistence rat themida trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_b7a0b8ea2827df3b218c67f3e777a109.exe

Resource

win7-20241010-en

darkcomet guest11 defense_evasion discovery persistence rat themida trojan

windows7-x64

22 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_b7a0b8ea2827df3b218c67f3e777a109.exe

Resource

win10v2004-20250129-en

windows10-2004-x64

1 signatures

150 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

Guest11

C2

combat18.zapto.org:1604

Mutex

DC_MUTEX-7WZJWK7

Attributes

InstallPath
MSDCSC\svchost.exe
gencode
1CiHebnLDgM7
install
true
offline_keylogger
true
password
opac220393
persistence
true
reg_key
Processo de Host para Servi�os do Windows

rc4.plain

Targets

- Target
  
  JaffaCakes118_b7a0b8ea2827df3b218c67f3e777a109
- Size
  
  1.5MB
- MD5
  
  b7a0b8ea2827df3b218c67f3e777a109
- SHA1
  
  8b561a71fb61b65a275cb419c3281706fc8c1c5c
- SHA256
  
  80e1040e15f16c0c2d4f0247e592c4fed6755c983015c65cd20d8cc610f16cdb
- SHA512
  
  2899ece6d8b6b298022381503a6fdebf0b8e68426f9cf0e93e07d2b9a4b16a1f8e9777ea3824a59a1fa7bea388ebf64802dd76ee6aca545388135a527283869c
- SSDEEP
  
  24576:OuE46KWUVT9VcqBT66OD8ivpO4R57d+bc6QqIRPZvExBxH:OueKTVT9VW6OD/fvdocnPZ2Bh
Score

10^/10

darkcomet guest11 defense_evasion discovery persistence rat themida trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Modifies WinLogon for persistence
  persistence
- Modifies firewall policy service
  defense_evasion
- Modifies security service
  defense_evasion
- Windows security bypass
  defense_evasion trojan
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  defense_evasion
- Executes dropped EXE
- Loads dropped DLL
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Windows security modification
  defense_evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Create or Modify System Process

Windows Service

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Impair Defenses

Disable or Modify System Firewall

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Remote System Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometguest11defense_evasiondiscoverypersistenceratthemidatrojan

behavioral2

© 2018-2025

Terms | Privacy