darkcomet | e4cb72424561e0c4f9ce2ae8966d56e2fbb08936932818a4c087a0ecac9aed8d | Triage

Submit
Reports

Overview

overview

Static

static

3

JaffaCakes...fa.exe

windows10-2004-x64

JaffaCakes...fa.exe

windows11-21h2-x64

Sharing

General

Target

JaffaCakes118_bb23e0f33180784f3f718c06fd3060fa
Size

1.0MB
Sample

250417-zvgmjastbz
MD5

bb23e0f33180784f3f718c06fd3060fa
SHA1

508c944fb1bf162e6c383e484d4dd3e47543e9e1
SHA256

e4cb72424561e0c4f9ce2ae8966d56e2fbb08936932818a4c087a0ecac9aed8d
SHA512

8916f83162b57835aeee4819c093b20750da177316c3f21047214b439dba9b812f5097706bee27abb84d8a669159ab20f0d01e813dc3540a2cb3ab589cb28daa
SSDEEP

12288:DXCjY03SjKyRLHZmhxik4oHSKhBVhiC4xbBEgjB8JVbRGVzDqEob6VimvXJOq3iU:47SKyLkk0qh18JgJQhAQSsHd9

Score

10^/10

darkcomet discovery persistence rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_bb23e0f33180784f3f718c06fd3060fa.exe

Resource

win10v2004-20250410-en

darkcomet discovery persistence rat trojan

windows10-2004-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_bb23e0f33180784f3f718c06fd3060fa.exe

Resource

win11-20250410-en

darkcomet discovery persistence rat trojan

windows11-21h2-x64

17 signatures

150 seconds

Malware Config

Extracted

Family

darkcomet

Attributes

gencode
install
false
offline_keylogger
false
persistence
false

rc4.plain

Targets

- Target
  
  JaffaCakes118_bb23e0f33180784f3f718c06fd3060fa
- Size
  
  1.0MB
- MD5
  
  bb23e0f33180784f3f718c06fd3060fa
- SHA1
  
  508c944fb1bf162e6c383e484d4dd3e47543e9e1
- SHA256
  
  e4cb72424561e0c4f9ce2ae8966d56e2fbb08936932818a4c087a0ecac9aed8d
- SHA512
  
  8916f83162b57835aeee4819c093b20750da177316c3f21047214b439dba9b812f5097706bee27abb84d8a669159ab20f0d01e813dc3540a2cb3ab589cb28daa
- SSDEEP
  
  12288:DXCjY03SjKyRLHZmhxik4oHSKhBVhiC4xbBEgjB8JVbRGVzDqEob6VimvXJOq3iU:47SKyLkk0qh18JgJQhAQSsHd9
Score

10^/10

darkcomet discovery persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometdiscoverypersistencerattrojan

behavioral2

darkcometdiscoverypersistencerattrojan

© 2018-2025

Terms | Privacy