darkcomet | 3f1d5330a734abb4fccef579be3425b398b26c5156ceeb5a4b79a2593f139e3f | Triage

Submit
Reports

Overview

overview

Static

static

3

JaffaCakes...0c.exe

windows7-x64

7

JaffaCakes...0c.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_fcca2bc6c99f84188dacb2d135dc580c
Size

1.3MB
Sample

250215-1v1abawrey
MD5

fcca2bc6c99f84188dacb2d135dc580c
SHA1

e6571099bd37e04ec25d6e6bcd498f5a103d3e3f
SHA256

3f1d5330a734abb4fccef579be3425b398b26c5156ceeb5a4b79a2593f139e3f
SHA512

838de77ac3ba57407e17725e328ed3e930b16150d7b6935fb70a44034217cde6cf6240121c4e396c5f7213e5d905e8683fcbe11407acd9320b225cc03d1fc22f
SSDEEP

12288:PcrnJ8J4UcL/LYp7N4T9F324NYAsIkt5dC+6EIn8ddAPrUcXsZ/Fa4vZqmoHafMJ:YJear3Fm42hMiI8gNB0ipPsxFpUuA

Score

10^/10

darkcomet guest16 discovery rat trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_fcca2bc6c99f84188dacb2d135dc580c.exe

Resource

win7-20250207-en

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_fcca2bc6c99f84188dacb2d135dc580c.exe

Resource

win10v2004-20250211-en

darkcomet guest16 discovery rat trojan upx

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

iamusinganoip.no-ip.org:1604

Mutex

DC_MUTEX-PBQ9FLV

Attributes

gencode
K4gN6lRcvAXj
install
false
offline_keylogger
true
persistence
false

rc4.plain

Targets

- Target
  
  JaffaCakes118_fcca2bc6c99f84188dacb2d135dc580c
- Size
  
  1.3MB
- MD5
  
  fcca2bc6c99f84188dacb2d135dc580c
- SHA1
  
  e6571099bd37e04ec25d6e6bcd498f5a103d3e3f
- SHA256
  
  3f1d5330a734abb4fccef579be3425b398b26c5156ceeb5a4b79a2593f139e3f
- SHA512
  
  838de77ac3ba57407e17725e328ed3e930b16150d7b6935fb70a44034217cde6cf6240121c4e396c5f7213e5d905e8683fcbe11407acd9320b225cc03d1fc22f
- SSDEEP
  
  12288:PcrnJ8J4UcL/LYp7N4T9F324NYAsIkt5dC+6EIn8ddAPrUcXsZ/Fa4vZqmoHafMJ:YJear3Fm42hMiI8gNB0ipPsxFpUuA
Score

10^/10

discovery upx darkcomet guest16 rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

darkcometguest16discoveryrattrojanupx

© 2018-2025

Terms | Privacy