darkcomet | 034dd5f6be4f9da37e326472542f527b921443939b1b41b2f4ac1371f475c26a | Triage

Submit
Reports

Overview

overview

Static

static

3

JaffaCakes...98.exe

windows7-x64

JaffaCakes...98.exe

windows10-2004-x64

3

Sharing

General

Target

JaffaCakes118_02e2120ae73f45f30fe140d7b6e90d98
Size

760KB
Sample

250219-cmmr9avjgt
MD5

02e2120ae73f45f30fe140d7b6e90d98
SHA1

3220919465989236c7a886e4816236c738b3abc5
SHA256

034dd5f6be4f9da37e326472542f527b921443939b1b41b2f4ac1371f475c26a
SHA512

9e6bf2c2c4ccd8d7edc5b4ccda5fe461306a1826be379c2e8845b6b95ab5770ff0488559dbcda54e1ffdb4039104b58a2eef42b10e73eebb8b874ea94844e21e
SSDEEP

12288:KEBZ4Qy6YX5PgkSndWqbG4gbuoBFfBgmlS8J8jYtzkxaplmdRl2Rrk:By3X54knqhILXfCmlSuqYtzk0ela

Score

10^/10

darkcomet hq-bot discovery persistence rat trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_02e2120ae73f45f30fe140d7b6e90d98.exe

Resource

win7-20240903-en

darkcomet hq-bot discovery persistence rat trojan upx

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_02e2120ae73f45f30fe140d7b6e90d98.exe

Resource

win10v2004-20250217-en

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

HQ-Bot

C2

lloydharriton.no-ip.info:3399

Mutex

DC_MUTEX-7FFHJX4

Attributes

gencode
5RtJMb9vLS9x
install
false
offline_keylogger
true
password
123456789z
persistence
false

rc4.plain

Targets

- Target
  
  JaffaCakes118_02e2120ae73f45f30fe140d7b6e90d98
- Size
  
  760KB
- MD5
  
  02e2120ae73f45f30fe140d7b6e90d98
- SHA1
  
  3220919465989236c7a886e4816236c738b3abc5
- SHA256
  
  034dd5f6be4f9da37e326472542f527b921443939b1b41b2f4ac1371f475c26a
- SHA512
  
  9e6bf2c2c4ccd8d7edc5b4ccda5fe461306a1826be379c2e8845b6b95ab5770ff0488559dbcda54e1ffdb4039104b58a2eef42b10e73eebb8b874ea94844e21e
- SSDEEP
  
  12288:KEBZ4Qy6YX5PgkSndWqbG4gbuoBFfBgmlS8J8jYtzkxaplmdRl2Rrk:By3X54knqhILXfCmlSuqYtzk0ela
Score

10^/10

darkcomet hq-bot discovery persistence rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcomethq-botdiscoverypersistencerattrojanupx

behavioral2

© 2018-2025

Terms | Privacy