darkcomet | 363ebed0078926a4beef0c3ea342331532b6f30c9f0e3a65acd98518b2c8f9e2 | Triage

Submit
Reports

Overview

overview

Static

static

7

JaffaCakes...68.exe

windows7-x64

JaffaCakes...68.exe

windows10-2004-x64

7

Sharing

General

Target

JaffaCakes118_14dc13e38626cb383369b09cbcc40868
Size

875KB
Sample

250221-yjfqesyphr
MD5

14dc13e38626cb383369b09cbcc40868
SHA1

1927c7e274147ebffa367ade3dc4311ce4493c55
SHA256

363ebed0078926a4beef0c3ea342331532b6f30c9f0e3a65acd98518b2c8f9e2
SHA512

2c7bbf2aee2a37adb3466bebf62b77a23e651d87415db2971ce100d6707c1474a5b96db6035fce0f13a2044aebfb8bff3c48ccca9e5346e4fef1e8139f00f584
SSDEEP

12288:RO7hN4/mj+p5iuEA1z7mc4wys1a/v6JyQZLcDE8ZSjwqzJ70WlSAfDEUfkOaaE:ROt6oenfymaH6J7LcQKTqd7dD9fu

Score

10^/10

darkcomet guest16 aspackv2 defense_evasion discovery rat themida trojan

Static task

static1

aspackv2 themida

3 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_14dc13e38626cb383369b09cbcc40868.exe

Resource

win7-20241023-en

darkcomet guest16 defense_evasion discovery rat themida trojan

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_14dc13e38626cb383369b09cbcc40868.exe

Resource

win10v2004-20250217-en

defense_evasion discovery themida

windows10-2004-x64

3 signatures

150 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

41.239.67.138:1604

Mutex

DC_MUTEX-5AVGCMZ

Attributes

gencode
GfmjT2.Vh5bs
install
false
offline_keylogger
false
password
winy
persistence
false

rc4.plain

Targets

- Target
  
  JaffaCakes118_14dc13e38626cb383369b09cbcc40868
- Size
  
  875KB
- MD5
  
  14dc13e38626cb383369b09cbcc40868
- SHA1
  
  1927c7e274147ebffa367ade3dc4311ce4493c55
- SHA256
  
  363ebed0078926a4beef0c3ea342331532b6f30c9f0e3a65acd98518b2c8f9e2
- SHA512
  
  2c7bbf2aee2a37adb3466bebf62b77a23e651d87415db2971ce100d6707c1474a5b96db6035fce0f13a2044aebfb8bff3c48ccca9e5346e4fef1e8139f00f584
- SSDEEP
  
  12288:RO7hN4/mj+p5iuEA1z7mc4wys1a/v6JyQZLcDE8ZSjwqzJ70WlSAfDEUfkOaaE:ROt6oenfymaH6J7LcQKTqd7dD9fu
Score

10^/10

darkcomet guest16 defense_evasion discovery rat themida trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  defense_evasion
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

aspackv2themida

behavioral1

darkcometguest16defense_evasiondiscoveryratthemidatrojan

behavioral2

defense_evasiondiscoverythemida

© 2018-2025

Terms | Privacy