darkcomet | 3eacba75107f0586735eb29133eddc6bd326a5d69b6d72bfbd0b77519ccd07a8 | Triage

Submit
Reports

Overview

overview

Static

static

3

JaffaCakes...fc.exe

windows7-x64

JaffaCakes...fc.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_89876ef0a94cfddbb4b31534318f54fc
Size

1.3MB
Sample

250327-fnjc1azk18
MD5

89876ef0a94cfddbb4b31534318f54fc
SHA1

5c93e429dbf56fb484e24279c50175cdb9250b8c
SHA256

3eacba75107f0586735eb29133eddc6bd326a5d69b6d72bfbd0b77519ccd07a8
SHA512

ddb1d97a21d5364ad89b83a9f1c18aaac601d9df601412fc9c1148a8db6a5d9f4ed43b247201b80c81a020cf881e0bc40a3c0a05c9d6ed58d2e0f61439a39fa3
SSDEEP

24576:AxLXDSHJeHQjiCA7BRSztzxdfhf6PQl1hfwUenzZQ:AxaHCGpyBMDh6P2wUenS

Score

10^/10

darkcomet the joker hacker defense_evasion discovery persistence rat trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_89876ef0a94cfddbb4b31534318f54fc.exe

Resource

win7-20240729-en

darkcomet the joker hacker defense_evasion discovery persistence rat trojan upx

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_89876ef0a94cfddbb4b31534318f54fc.exe

Resource

win10v2004-20250314-en

darkcomet the joker hacker defense_evasion discovery persistence rat trojan upx

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

The Joker Hacker

C2

thejokerhacker.no-ip.biz:288

Mutex

DC_MUTEX-PHDL86N

Attributes

InstallPath
MSDCSC\msdcsc.exe
gencode
HP4pYsV9BXK4
install
true
offline_keylogger
true
persistence
true
reg_key
MicroUpdate

rc4.plain

Targets

- Target
  
  JaffaCakes118_89876ef0a94cfddbb4b31534318f54fc
- Size
  
  1.3MB
- MD5
  
  89876ef0a94cfddbb4b31534318f54fc
- SHA1
  
  5c93e429dbf56fb484e24279c50175cdb9250b8c
- SHA256
  
  3eacba75107f0586735eb29133eddc6bd326a5d69b6d72bfbd0b77519ccd07a8
- SHA512
  
  ddb1d97a21d5364ad89b83a9f1c18aaac601d9df601412fc9c1148a8db6a5d9f4ed43b247201b80c81a020cf881e0bc40a3c0a05c9d6ed58d2e0f61439a39fa3
- SSDEEP
  
  24576:AxLXDSHJeHQjiCA7BRSztzxdfhf6PQl1hfwUenzZQ:AxaHCGpyBMDh6P2wUenS
Score

10^/10

darkcomet the joker hacker defense_evasion discovery persistence rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Modifies WinLogon for persistence
  persistence
- Modifies security service
  defense_evasion
- Windows security bypass
  defense_evasion trojan
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  defense_evasion trojan
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometthe joker hackerdefense_evasiondiscoverypersistencerattrojanupx

behavioral2

darkcometthe joker hackerdefense_evasiondiscoverypersistencerattrojanupx

© 2018-2025

Terms | Privacy