darkcomet | 1f4a44b25d0d5200e61ca5dcf37f001e1b3be5a240943b9f8d4f0f702872d272 | Triage

Submit
Reports

Overview

overview

Static

static

3

JaffaCakes...2b.exe

windows10-2004-x64

JaffaCakes...2b.exe

windows11-21h2-x64

Sharing

General

Target

JaffaCakes118_c179c544bd7a45218f62fb0cfc1ea52b
Size

429KB
Sample

250419-gcfy6sypz3
MD5

c179c544bd7a45218f62fb0cfc1ea52b
SHA1

ba0f425c8ce825b8ff244629ae39dae73fc0a3d3
SHA256

1f4a44b25d0d5200e61ca5dcf37f001e1b3be5a240943b9f8d4f0f702872d272
SHA512

8fe4a4c62085f3c65b7f9066cca6ae76478e827e48dc273b64af14d5eb8abc572276b08776f0acf8f1b1959f0d769b69e95932facf8a013bdc4cd930c992a9d1
SSDEEP

6144:JPAObGPdNT+e7NmQgoHeYNIRBsTmRGRl0Wm8m1bjxZnA1NNUroto/:JAVNT+GH9NIRBsToG/0p8m1vM1Mr9/

Score

10^/10

darkcomet anarcee defense_evasion discovery rat trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_c179c544bd7a45218f62fb0cfc1ea52b.exe

Resource

win10v2004-20250314-en

darkcomet anarcee defense_evasion discovery rat trojan upx

windows10-2004-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_c179c544bd7a45218f62fb0cfc1ea52b.exe

Resource

win11-20250410-en

darkcomet anarcee defense_evasion discovery rat trojan upx

windows11-21h2-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

Anarcee

C2

127.0.0.1:8000

Mutex

DC_MUTEX-XCQRUEM

Attributes

gencode
�2f1mG5c844U
install
false
offline_keylogger
false
password
slayer70
persistence
false

rc4.plain

Targets

- Target
  
  JaffaCakes118_c179c544bd7a45218f62fb0cfc1ea52b
- Size
  
  429KB
- MD5
  
  c179c544bd7a45218f62fb0cfc1ea52b
- SHA1
  
  ba0f425c8ce825b8ff244629ae39dae73fc0a3d3
- SHA256
  
  1f4a44b25d0d5200e61ca5dcf37f001e1b3be5a240943b9f8d4f0f702872d272
- SHA512
  
  8fe4a4c62085f3c65b7f9066cca6ae76478e827e48dc273b64af14d5eb8abc572276b08776f0acf8f1b1959f0d769b69e95932facf8a013bdc4cd930c992a9d1
- SSDEEP
  
  6144:JPAObGPdNT+e7NmQgoHeYNIRBsTmRGRl0Wm8m1bjxZnA1NNUroto/:JAVNT+GH9NIRBsToG/0p8m1vM1Mr9/
Score

10^/10

darkcomet anarcee defense_evasion discovery rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Modifies firewall policy service
  defense_evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometanarceedefense_evasiondiscoveryrattrojanupx

behavioral2

darkcometanarceedefense_evasiondiscoveryrattrojanupx

© 2018-2025

Terms | Privacy