darkcomet | 847a898a97ff150c08dab76176e8828bd125122c2ef42824a5bfc76465013a64 | Triage

Submit
Reports

Overview

overview

Static

static

3

JaffaCakes...de.exe

windows7-x64

JaffaCakes...de.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_f3c53c40837e1e4c35d80a814a6dabde
Size

360KB
Sample

250214-fkx2zstlez
MD5

f3c53c40837e1e4c35d80a814a6dabde
SHA1

93d3518db78170d74afdf701ee06f619b8074f44
SHA256

847a898a97ff150c08dab76176e8828bd125122c2ef42824a5bfc76465013a64
SHA512

4777db55eee08516dd7efd83c154cf02ffbbd12ee3d117c844f91c9ad5c289d7d4e7ce3a418d380384da95cc97f77c567ffab85c9fe4745c05dbf58e1e8cad71
SSDEEP

6144:ZlwWw0fgpl1uCo7j3D70aoJ09AdtttmrxVpkXPaTgBjn+6pd7SEKrWD5UQ:zw5vfLonzpMtTgyaVW9U

Score

10^/10

darkcomet guest16 defense_evasion discovery rat trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_f3c53c40837e1e4c35d80a814a6dabde.exe

Resource

win7-20241010-en

darkcomet guest16 defense_evasion discovery rat trojan upx

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_f3c53c40837e1e4c35d80a814a6dabde.exe

Resource

win10v2004-20250211-en

darkcomet guest16 defense_evasion discovery rat trojan upx

windows10-2004-x64

19 signatures

150 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

x51010.no-ip.biz:1604

Mutex

DC_MUTEX-5XCVLWK

Attributes

gencode
0BENJPY88Nek
install
false
offline_keylogger
true
persistence
false

rc4.plain

Targets

- Target
  
  JaffaCakes118_f3c53c40837e1e4c35d80a814a6dabde
- Size
  
  360KB
- MD5
  
  f3c53c40837e1e4c35d80a814a6dabde
- SHA1
  
  93d3518db78170d74afdf701ee06f619b8074f44
- SHA256
  
  847a898a97ff150c08dab76176e8828bd125122c2ef42824a5bfc76465013a64
- SHA512
  
  4777db55eee08516dd7efd83c154cf02ffbbd12ee3d117c844f91c9ad5c289d7d4e7ce3a418d380384da95cc97f77c567ffab85c9fe4745c05dbf58e1e8cad71
- SSDEEP
  
  6144:ZlwWw0fgpl1uCo7j3D70aoJ09AdtttmrxVpkXPaTgBjn+6pd7SEKrWD5UQ:zw5vfLonzpMtTgyaVW9U
Score

10^/10

darkcomet guest16 defense_evasion discovery rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Modifies firewall policy service
  defense_evasion
- Modifies security service
  defense_evasion
- Windows security bypass
  defense_evasion trojan
- Disables RegEdit via registry modification
  defense_evasion
- Disables Task Manager via registry modification
  defense_evasion
- Downloads MZ/PE file
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  defense_evasion
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Impair Defenses

Disable or Modify System Firewall

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometguest16defense_evasiondiscoveryrattrojanupx

behavioral2

darkcometguest16defense_evasiondiscoveryrattrojanupx

© 2018-2025

Terms | Privacy