darkcomet | 43e23ddaf45012061ea60e5aa62c9e70d9028ae13c477f5ae17cf7be7fb05384 | Triage

Submit
Reports

Overview

overview

Static

static

JaffaCakes...00.exe

windows7-x64

JaffaCakes...00.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_1f7ff13139b885b00de51893a790f800
Size

253KB
Sample

250223-jvxezs1jbn
MD5

1f7ff13139b885b00de51893a790f800
SHA1

ec7523a0a1744722f91fc82340bea00490fa4ed8
SHA256

43e23ddaf45012061ea60e5aa62c9e70d9028ae13c477f5ae17cf7be7fb05384
SHA512

1f7491e22c87569269f67842f8385ae61eb9a05dd4d60b46d84706c4b0059feb6a008eaf984cadd933d32e1dda04ad63392c69a0861c1122e39b30c2a3f80588
SSDEEP

6144:DBJVqu5jxRl+t6Ge0qw0kw9+Ks9a8/7z6lnv:DtqwjxRl+t6GfL7zcv

Score

10^/10

darkcomet guest16 defense_evasion discovery persistence rat trojan upx

Static task

static1

upx guest16 darkcomet

3 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_1f7ff13139b885b00de51893a790f800.exe

Resource

win7-20241023-en

darkcomet guest16 defense_evasion discovery persistence rat trojan upx

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_1f7ff13139b885b00de51893a790f800.exe

Resource

win10v2004-20250217-en

darkcomet guest16 defense_evasion discovery persistence rat trojan upx

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

91.157.132.221:5555

Mutex

DC_MUTEX-AF28X5E

Attributes

InstallPath
MSDCSC\msdcsc.exe
gencode
bCj76JyxRToA
install
true
offline_keylogger
true
persistence
false
reg_key
RSBot

rc4.plain

Targets

- Target
  
  JaffaCakes118_1f7ff13139b885b00de51893a790f800
- Size
  
  253KB
- MD5
  
  1f7ff13139b885b00de51893a790f800
- SHA1
  
  ec7523a0a1744722f91fc82340bea00490fa4ed8
- SHA256
  
  43e23ddaf45012061ea60e5aa62c9e70d9028ae13c477f5ae17cf7be7fb05384
- SHA512
  
  1f7491e22c87569269f67842f8385ae61eb9a05dd4d60b46d84706c4b0059feb6a008eaf984cadd933d32e1dda04ad63392c69a0861c1122e39b30c2a3f80588
- SSDEEP
  
  6144:DBJVqu5jxRl+t6Ge0qw0kw9+Ks9a8/7z6lnv:DtqwjxRl+t6GfL7zcv
Score

10^/10

darkcomet guest16 defense_evasion discovery persistence rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Modifies WinLogon for persistence
  persistence
- Windows security bypass
  defense_evasion trojan
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  defense_evasion trojan
- Adds Run key to start application
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

upxguest16darkcomet

behavioral1

darkcometguest16defense_evasiondiscoverypersistencerattrojanupx

behavioral2

darkcometguest16defense_evasiondiscoverypersistencerattrojanupx

© 2018-2025

Terms | Privacy