darkcomet | 13b52aa0dd2735d4e7c1ee14ac5c205220f4ee40c1ebea03bbda4ed4de3fc8b8 | Triage

Submit
Reports

Overview

overview

Static

static

5

JaffaCakes...73.exe

windows10-2004-x64

JaffaCakes...73.exe

windows11-21h2-x64

Sharing

General

Target

JaffaCakes118_c22ad1fd682dc055fa785af3a3698173
Size

3.9MB
Sample

250419-k8lfbatrx7
MD5

c22ad1fd682dc055fa785af3a3698173
SHA1

843619a091c73c8229416ed06484f071ae712921
SHA256

13b52aa0dd2735d4e7c1ee14ac5c205220f4ee40c1ebea03bbda4ed4de3fc8b8
SHA512

db6ef91326c7a8b71e5af4f91759ca7694d4143ad6aaa0e654997585ae8c1a619904fa82380833de6e6b2032e71739d046ca63e79aa67532e15531bbc234cf86
SSDEEP

98304:+2o2ByKYfS/qEwaVhNAiI/rXPrKKaq5BTpH2pIAvFclLlZqhPAbTkntBGtPEqADK:+2o2ByKYfS/qEwaVhNAiI/rXPrKKaq5z

Score

10^/10

darkcomet youtube defense_evasion discovery persistence rat trojan upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_c22ad1fd682dc055fa785af3a3698173.exe

Resource

win10v2004-20250410-en

darkcomet youtube defense_evasion discovery persistence rat trojan upx

windows10-2004-x64

18 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_c22ad1fd682dc055fa785af3a3698173.exe

Resource

win11-20250410-en

darkcomet youtube defense_evasion discovery persistence rat trojan upx

windows11-21h2-x64

17 signatures

150 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

Youtube

C2

letsgoboom.no-ip.info:1604

Mutex

DC_MUTEX-JCT2X8G

Attributes

gencode
ou�nXAcHorSd
install
false
offline_keylogger
true
password
runescaped
persistence
false

rc4.plain

Targets

- Target
  
  JaffaCakes118_c22ad1fd682dc055fa785af3a3698173
- Size
  
  3.9MB
- MD5
  
  c22ad1fd682dc055fa785af3a3698173
- SHA1
  
  843619a091c73c8229416ed06484f071ae712921
- SHA256
  
  13b52aa0dd2735d4e7c1ee14ac5c205220f4ee40c1ebea03bbda4ed4de3fc8b8
- SHA512
  
  db6ef91326c7a8b71e5af4f91759ca7694d4143ad6aaa0e654997585ae8c1a619904fa82380833de6e6b2032e71739d046ca63e79aa67532e15531bbc234cf86
- SSDEEP
  
  98304:+2o2ByKYfS/qEwaVhNAiI/rXPrKKaq5BTpH2pIAvFclLlZqhPAbTkntBGtPEqADK:+2o2ByKYfS/qEwaVhNAiI/rXPrKKaq5z
Score

10^/10

darkcomet youtube defense_evasion discovery persistence rat trojan upx
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- UAC bypass
  defense_evasion trojan
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  defense_evasion trojan
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometyoutubedefense_evasiondiscoverypersistencerattrojanupx

behavioral2

darkcometyoutubedefense_evasiondiscoverypersistencerattrojanupx

© 2018-2025

Terms | Privacy