darkcomet | 6c445db3a555178391b3f09964b7d53bb5708ebadb762681b5dce0620795746d | Triage

Submit
Reports

Overview

overview

Static

static

3

JaffaCakes...50.exe

windows7-x64

JaffaCakes...50.exe

windows10-2004-x64

3

Sharing

General

Target

JaffaCakes118_3837dcba807124b611190bf4bbcb2050
Size

952KB
Sample

250301-lngr3axvcs
MD5

3837dcba807124b611190bf4bbcb2050
SHA1

6fef395738ae54ce4cdac5b2771c67f769c79fff
SHA256

6c445db3a555178391b3f09964b7d53bb5708ebadb762681b5dce0620795746d
SHA512

23152d743b7755da8a037b675227e29556dc116d23867d76e818aa034d0d377778e54c1b51ceed99be07f515c1d20728761aba948bbdd18c3c2587bff01f7fc9
SSDEEP

12288:byyy7Z3z4I8NXOGjwwG/ZjXsAHHz79p9NM5Tz103j2CF4TxQUOfhVPOSAE//VAci:baCI2OewFJN4mkxyHnnew1SatLRzD

Score

10^/10

darkcomet discovery persistence rat trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_3837dcba807124b611190bf4bbcb2050.exe

Resource

win7-20240903-en

darkcomet discovery persistence rat trojan upx

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_3837dcba807124b611190bf4bbcb2050.exe

Resource

win10v2004-20250217-en

windows10-2004-x64

3 signatures

150 seconds

Malware Config

Targets

- Target
  
  JaffaCakes118_3837dcba807124b611190bf4bbcb2050
- Size
  
  952KB
- MD5
  
  3837dcba807124b611190bf4bbcb2050
- SHA1
  
  6fef395738ae54ce4cdac5b2771c67f769c79fff
- SHA256
  
  6c445db3a555178391b3f09964b7d53bb5708ebadb762681b5dce0620795746d
- SHA512
  
  23152d743b7755da8a037b675227e29556dc116d23867d76e818aa034d0d377778e54c1b51ceed99be07f515c1d20728761aba948bbdd18c3c2587bff01f7fc9
- SSDEEP
  
  12288:byyy7Z3z4I8NXOGjwwG/ZjXsAHHz79p9NM5Tz103j2CF4TxQUOfhVPOSAE//VAci:baCI2OewFJN4mkxyHnnew1SatLRzD
Score

10^/10

darkcomet discovery persistence rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometdiscoverypersistencerattrojanupx

behavioral2

© 2018-2025

Terms | Privacy