darkcomet | e288ac3ecad103fdd8ffd2af32d4d2e7232263ba6ad0be90bca0f72d04b20c73 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

JaffaCakes...02.exe

windows7-x64

JaffaCakes...02.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_80e5190a9e7141413f667935ddd2ee02
Size

369KB
Sample

250320-csjyjsvkz4
MD5

80e5190a9e7141413f667935ddd2ee02
SHA1

d78092febb57e202cb9f2791861ce9cf46d1614d
SHA256

e288ac3ecad103fdd8ffd2af32d4d2e7232263ba6ad0be90bca0f72d04b20c73
SHA512

54e1bb1a92c5d9a0ef2a0aa514550b5dc2ed326f5382dc3e5680c8f2022b36f569458111103c0776766ee7d633b502f4b31c934a7473b76c647651be13621cb7
SSDEEP

6144:xK+ZtjvFM7dlnOd9aJ261MCnDPxaaAMhgYNt28h83QNu6/Cu37Cr3oG:bvFa5OD961MCnDPEaW8m3euK3c

Score

10^/10

darkcomet wirecrypter defense_evasion discovery persistence rat trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_80e5190a9e7141413f667935ddd2ee02.exe

Resource

win7-20250207-en

darkcomet wirecrypter defense_evasion discovery persistence rat trojan upx

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_80e5190a9e7141413f667935ddd2ee02.exe

Resource

win10v2004-20250314-en

darkcomet wirecrypter defense_evasion discovery persistence rat trojan upx

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

WireCrypter

C2

runeo.no-ip.info:1604

Mutex

DC_MUTEX-MSXSUHC

Attributes

gencode
N6yPChD0zHNX
install
false
offline_keylogger
true
persistence
false

rc4.plain

Targets

- Target
  
  JaffaCakes118_80e5190a9e7141413f667935ddd2ee02
- Size
  
  369KB
- MD5
  
  80e5190a9e7141413f667935ddd2ee02
- SHA1
  
  d78092febb57e202cb9f2791861ce9cf46d1614d
- SHA256
  
  e288ac3ecad103fdd8ffd2af32d4d2e7232263ba6ad0be90bca0f72d04b20c73
- SHA512
  
  54e1bb1a92c5d9a0ef2a0aa514550b5dc2ed326f5382dc3e5680c8f2022b36f569458111103c0776766ee7d633b502f4b31c934a7473b76c647651be13621cb7
- SSDEEP
  
  6144:xK+ZtjvFM7dlnOd9aJ261MCnDPxaaAMhgYNt28h83QNu6/Cu37Cr3oG:bvFa5OD961MCnDPEaW8m3euK3c
Score

10^/10

darkcomet wirecrypter defense_evasion discovery persistence rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  defense_evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometwirecrypterdefense_evasiondiscoverypersistencerattrojanupx

behavioral2

darkcometwirecrypterdefense_evasiondiscoverypersistencerattrojanupx

© 2018-2025

Terms | Privacy