darkcomet | d66e4e7aebb20091770c3564857a26f1ee478e6645ea6e84775af2a053433d40 | Triage

Submit
Reports

Overview

overview

Static

static

5

JaffaCakes...c5.exe

windows7-x64

JaffaCakes...c5.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_c10c280643753c9aa7797467efb966c5
Size

831KB
Sample

250208-kdfxcawmgj
MD5

c10c280643753c9aa7797467efb966c5
SHA1

aee919fd527036daa9e44cde21244a01f64cda35
SHA256

d66e4e7aebb20091770c3564857a26f1ee478e6645ea6e84775af2a053433d40
SHA512

f94a12fad433361cef4c88991df16abb4ea7d5c6e111f30de8b8a2e8c4b46b548380ccde6da615ac83367832e0f1bf585087267edc08d85b3833ac9a3810e949
SSDEEP

12288:BeB/CFKOHLVQwfCg+thDzGF7TrtF/c0OFBHYNmwZ9IrQ5pCBsiHEqEP:BkYKm2wfCfi7ftuINmwZ9Ir6pCrlEP

Score

10^/10

darkcomet updateusername defense_evasion discovery rat trojan upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_c10c280643753c9aa7797467efb966c5.exe

Resource

win7-20250207-en

darkcomet updateusername defense_evasion discovery rat trojan upx

windows7-x64

18 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_c10c280643753c9aa7797467efb966c5.exe

Resource

win10v2004-20250207-en

darkcomet updateusername defense_evasion discovery rat trojan upx

windows10-2004-x64

20 signatures

150 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

updateusername

C2

updateusername.no-ip.org:1604

Mutex

DC_MUTEX-PU35C8B

Attributes

gencode
9q�YVjS�FyGm
install
false
offline_keylogger
true
persistence
false

rc4.plain

Targets

- Target
  
  JaffaCakes118_c10c280643753c9aa7797467efb966c5
- Size
  
  831KB
- MD5
  
  c10c280643753c9aa7797467efb966c5
- SHA1
  
  aee919fd527036daa9e44cde21244a01f64cda35
- SHA256
  
  d66e4e7aebb20091770c3564857a26f1ee478e6645ea6e84775af2a053433d40
- SHA512
  
  f94a12fad433361cef4c88991df16abb4ea7d5c6e111f30de8b8a2e8c4b46b548380ccde6da615ac83367832e0f1bf585087267edc08d85b3833ac9a3810e949
- SSDEEP
  
  12288:BeB/CFKOHLVQwfCg+thDzGF7TrtF/c0OFBHYNmwZ9IrQ5pCBsiHEqEP:BkYKm2wfCfi7ftuINmwZ9Ir6pCrlEP
Score

10^/10

darkcomet updateusername defense_evasion discovery rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Modifies firewall policy service
  defense_evasion
- Modifies security service
  defense_evasion
- Windows security bypass
  defense_evasion trojan
- Disables Task Manager via registry modification
  defense_evasion
- Downloads MZ/PE file
- Drops file in Drivers directory
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Windows security modification
  defense_evasion trojan
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometupdateusernamedefense_evasiondiscoveryrattrojanupx

behavioral2

darkcometupdateusernamedefense_evasiondiscoveryrattrojanupx

© 2018-2025

Terms | Privacy