darkcomet | 141606dc58e0d2ff01159aa4b12365e989e82fe4e1d42f672d821573e46d16ec | Triage

Submit
Reports

Overview

overview

Static

static

JaffaCakes...03.exe

windows7-x64

JaffaCakes...03.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_77c931b93ed82c1694767135d8f7cb03
Size

278KB
Sample

250315-y1lm1awky9
MD5

77c931b93ed82c1694767135d8f7cb03
SHA1

18a588300c72115d7f37f0cc6a252c34622ca361
SHA256

141606dc58e0d2ff01159aa4b12365e989e82fe4e1d42f672d821573e46d16ec
SHA512

f6330cb7dd4436ef1f9f00897d2ca25f6c3e46bec4f6509a01e4966aca097d8d97b097c58973fc6c47ee445aa54e436224d21a4925aac351010df59ca413caa3
SSDEEP

6144:DUc8SY8u+rv6Kl9QFhC6z3sbS4P2UI9icyXV13kPKuzGnVAe+Tl:DUcrY8driIQHG2D1axkPKdp+Tl

Score

10^/10

darkcomet 1 discovery persistence rat trojan upx

Static task

static1

upx 1 darkcomet

3 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_77c931b93ed82c1694767135d8f7cb03.exe

Resource

win7-20250207-en

darkcomet 1 discovery persistence rat trojan upx

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_77c931b93ed82c1694767135d8f7cb03.exe

Resource

win10v2004-20250313-en

darkcomet 1 discovery persistence rat trojan upx

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

1

C2

aha76.no-ip.biz:1604

Mutex

DC_MUTEX-XW33WU1

Attributes

InstallPath
temp\svchost.exe
gencode
�Wob.izocarn
install
true
offline_keylogger
false
password
a1x8a76
persistence
false

rc4.plain

Targets

- Target
  
  JaffaCakes118_77c931b93ed82c1694767135d8f7cb03
- Size
  
  278KB
- MD5
  
  77c931b93ed82c1694767135d8f7cb03
- SHA1
  
  18a588300c72115d7f37f0cc6a252c34622ca361
- SHA256
  
  141606dc58e0d2ff01159aa4b12365e989e82fe4e1d42f672d821573e46d16ec
- SHA512
  
  f6330cb7dd4436ef1f9f00897d2ca25f6c3e46bec4f6509a01e4966aca097d8d97b097c58973fc6c47ee445aa54e436224d21a4925aac351010df59ca413caa3
- SSDEEP
  
  6144:DUc8SY8u+rv6Kl9QFhC6z3sbS4P2UI9icyXV13kPKuzGnVAe+Tl:DUcrY8driIQHG2D1axkPKdp+Tl
Score

10^/10

darkcomet 1 discovery persistence rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Modifies WinLogon for persistence
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcomet1discoverypersistencerattrojanupx

behavioral2

darkcomet1discoverypersistencerattrojanupx

© 2018-2025

Terms | Privacy