darkcomet | 84a39d971e3a95f734c084ae6f86fe52108e5318ff58eedcaac64d57286779b2 | Triage

Submit
Reports

Overview

overview

Static

static

3

JaffaCakes...90.exe

windows7-x64

JaffaCakes...90.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_46b67e7cf28525e784fa2ae5521f3e90
Size

733KB
Sample

250303-m8d3cawqs9
MD5

46b67e7cf28525e784fa2ae5521f3e90
SHA1

c02b243b342bf12db04e3a3baddccc6284ac8a16
SHA256

84a39d971e3a95f734c084ae6f86fe52108e5318ff58eedcaac64d57286779b2
SHA512

6aa6e28b7bfbf8982e0790ba8d34ea3067aa68bfe46d8df9818567736e54ef25573ba5810bcecee452207623e56f5531aa1a936aa30882b00df19673546ebed5
SSDEEP

12288:4MAZoTc56y+ZyYr76OI2QUXxjk/XmrSrYz0RND1PT3Kk1Ja41IdhPNCzSVCN8t4H:St3UDz44IA5iS082H

Score

10^/10

darkcomet guest16 defense_evasion discovery persistence rat trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_46b67e7cf28525e784fa2ae5521f3e90.exe

Resource

win7-20240903-en

darkcomet guest16 defense_evasion discovery persistence rat trojan upx

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_46b67e7cf28525e784fa2ae5521f3e90.exe

Resource

win10v2004-20250217-en

darkcomet guest16 defense_evasion discovery persistence rat trojan upx

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

faceboock.zapto.org:8080

Mutex

DC_MUTEX-XPG9DMP

Attributes

InstallPath
Windupdt\winupdate.exe
gencode
RtbUjfBkpiQF
install
true
offline_keylogger
true
password
Lieschen2135
persistence
true
reg_key
winupdater

rc4.plain

Targets

- Target
  
  JaffaCakes118_46b67e7cf28525e784fa2ae5521f3e90
- Size
  
  733KB
- MD5
  
  46b67e7cf28525e784fa2ae5521f3e90
- SHA1
  
  c02b243b342bf12db04e3a3baddccc6284ac8a16
- SHA256
  
  84a39d971e3a95f734c084ae6f86fe52108e5318ff58eedcaac64d57286779b2
- SHA512
  
  6aa6e28b7bfbf8982e0790ba8d34ea3067aa68bfe46d8df9818567736e54ef25573ba5810bcecee452207623e56f5531aa1a936aa30882b00df19673546ebed5
- SSDEEP
  
  12288:4MAZoTc56y+ZyYr76OI2QUXxjk/XmrSrYz0RND1PT3Kk1Ja41IdhPNCzSVCN8t4H:St3UDz44IA5iS082H
Score

10^/10

darkcomet guest16 defense_evasion discovery persistence rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Modifies WinLogon for persistence
  persistence
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  defense_evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometguest16defense_evasiondiscoverypersistencerattrojanupx

behavioral2

darkcometguest16defense_evasiondiscoverypersistencerattrojanupx

© 2018-2025

Terms | Privacy