darkcomet | 026c7c0e6ab52292fc5f4f75c78737943ecc58df497b19d2de8756b468ca1b66 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

JaffaCakes...a0.exe

windows7-x64

JaffaCakes...a0.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_8351bf08900b42321b4af3ffb1ef98a0
Size

691KB
Sample

250321-p7y28sywbz
MD5

8351bf08900b42321b4af3ffb1ef98a0
SHA1

acb02fd072bd8859d75ffbaef1730dae59d79d30
SHA256

026c7c0e6ab52292fc5f4f75c78737943ecc58df497b19d2de8756b468ca1b66
SHA512

2daf95f1e9bb05f25a7e99610219c3514069e7ba71133a5f5fac6ad567f1ef68476601b4f9e486ad83fc6ca3669eebd326a6a0b04c9a4efacffb7f4236b263f4
SSDEEP

12288:VzyInpIJAYJPwTcwySyiCXeUs8IwJJ3Scvfsi0ZSRq/LT+3:VzyInpqD5TiV9C0i0ZXLO

Score

10^/10

darkcomet guest16 defense_evasion discovery rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_8351bf08900b42321b4af3ffb1ef98a0.exe

Resource

win7-20250207-en

darkcomet guest16 defense_evasion discovery rat trojan

windows7-x64

21 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_8351bf08900b42321b4af3ffb1ef98a0.exe

Resource

win10v2004-20250314-en

darkcomet guest16 defense_evasion discovery rat trojan

windows10-2004-x64

19 signatures

150 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

127.0.0.1:1604

Mutex

DC_MUTEX-F54S21D

Attributes

gencode
DbeN40ElF3Qt
install
false
offline_keylogger
false
persistence
false

rc4.plain

Targets

- Target
  
  JaffaCakes118_8351bf08900b42321b4af3ffb1ef98a0
- Size
  
  691KB
- MD5
  
  8351bf08900b42321b4af3ffb1ef98a0
- SHA1
  
  acb02fd072bd8859d75ffbaef1730dae59d79d30
- SHA256
  
  026c7c0e6ab52292fc5f4f75c78737943ecc58df497b19d2de8756b468ca1b66
- SHA512
  
  2daf95f1e9bb05f25a7e99610219c3514069e7ba71133a5f5fac6ad567f1ef68476601b4f9e486ad83fc6ca3669eebd326a6a0b04c9a4efacffb7f4236b263f4
- SSDEEP
  
  12288:VzyInpIJAYJPwTcwySyiCXeUs8IwJJ3Scvfsi0ZSRq/LT+3:VzyInpqD5TiV9C0i0ZXLO
Score

10^/10

darkcomet guest16 defense_evasion discovery rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Modifies firewall policy service
  defense_evasion
- Modifies security service
  defense_evasion
- Windows security bypass
  defense_evasion trojan
- Disables RegEdit via registry modification
  defense_evasion
- Disables Task Manager via registry modification
  defense_evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  defense_evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometguest16defense_evasiondiscoveryrattrojan

behavioral2

darkcometguest16defense_evasiondiscoveryrattrojan

© 2018-2025

Terms | Privacy