darkcomet | a4e92f82f92ac626b5ffd151e2a16bdf90083242a42c37f2c58683a94f663570 | Triage

Submit
Reports

Overview

overview

Static

static

3

FakeWebcam6.2.exe

windows7-x64

FakeWebcam6.2.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_4f1967f6bdd7148ed00e496a9bcaa88f
Size

461KB
Sample

250304-xpd84sykv9
MD5

4f1967f6bdd7148ed00e496a9bcaa88f
SHA1

03b5957933f4a23379bace705a2e971c08a14685
SHA256

a4e92f82f92ac626b5ffd151e2a16bdf90083242a42c37f2c58683a94f663570
SHA512

a9431a11a62032711dfe00d4d141219d46a72db513981f80f3bd60f82dbd199ed1afcbc31ea87ea01d8338941a9b4150cbb5e86359abe26d3989bf744443026f
SSDEEP

12288:hOZJHdwsdggqfiOV7YT1UW5joGqZ8ID99eg5+eT1:cL9pWZHyTF5cF3Db5T

Score

10^/10

darkcomet hacked discovery persistence rat trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

FakeWebcam6.2.exe

Resource

win7-20240729-en

darkcomet hacked discovery persistence rat trojan upx

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

FakeWebcam6.2.exe

Resource

win10v2004-20250217-en

darkcomet hacked discovery persistence rat trojan upx

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

Hacked

C2

kingkingofhacker.no-ip.biz:1604

Mutex

DC_MUTEX-XYZSRMS

Attributes

InstallPath
FakeWebcam.exe
gencode
DNUieDl1NhPQ
install
true
offline_keylogger
true
persistence
false
reg_key
MicroUpdate

rc4.plain

Targets

- Target
  
  FakeWebcam6.2.exe
- Size
  
  632KB
- MD5
  
  85ea1c7e59b63c1731d642e576b8d5bd
- SHA1
  
  44ffbcbe5bed1be774c97f24a60a70186e525510
- SHA256
  
  8d18c9599f3f743b6f3abb2d20887ab1f4178e53cd2948cd226d2f189dd65804
- SHA512
  
  1ce0cfd5ee9eaa2b272eb240a06c01ae79e6a5650646c73dff2c7bc4227ca4fbad623afccd521dab8d97f4cdb5fd47ff671cfe6f386a46964491f20cf867d96b
- SSDEEP
  
  12288:6Gfkwc4ybTNaaaqvE9mJknkSD9MfsTXbsO4uaFNHRLIEvXU195:NMwVW2kHxw
Score

10^/10

darkcomet hacked discovery persistence rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Modifies WinLogon for persistence
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcomethackeddiscoverypersistencerattrojanupx

behavioral2

darkcomethackeddiscoverypersistencerattrojanupx

© 2018-2025

Terms | Privacy