darkcomet | 08597065d9bdc960b1b0c9582fdd469c7a34a7ec7a4a3753fb529f260973ed9e | Triage

Submit
Reports

Overview

overview

Static

static

3

JaffaCakes...d0.exe

windows10-2004-x64

JaffaCakes...d0.exe

windows11-21h2-x64

Sharing

Copy URL Twitter E-mail

General

Target

JaffaCakes118_0754e8638d9163d170947788dc6625d0
Size

801KB
Sample

250520-yzdk1a1px8
MD5

0754e8638d9163d170947788dc6625d0
SHA1

9eea22c4572e4886c6e80c847335d0409f276ed8
SHA256

08597065d9bdc960b1b0c9582fdd469c7a34a7ec7a4a3753fb529f260973ed9e
SHA512

a1e7970f8c02202562129ceadb57476043035ce07e07cbad5fd8ea7bdb5247e7acdc8ab217dd9b779661d4a366fb370119298402a04d0fc6d22545b48f7b745f
SSDEEP

12288:93vhMi7r+wx6dOqEH9Bfci2IZNBy129zSRFr4qAlUjz4C2qBMm0jr/7fp:93TsdwX2qBy1mydAlUjz4Dqpw/7fp

Score

10^/10

darkcomet products defense_evasion discovery persistence rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_0754e8638d9163d170947788dc6625d0.exe

Resource

win10v2004-20250502-en

darkcomet products defense_evasion discovery persistence rat trojan

windows10-2004-x64

28 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_0754e8638d9163d170947788dc6625d0.exe

Resource

win11-20250502-en

darkcomet products defense_evasion discovery persistence rat trojan

windows11-21h2-x64

25 signatures

150 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

PRODUCTS

C2

telexsection449.no-ip.biz:1604

Mutex

DC_MUTEX-NRPAT7L

Attributes

InstallPath
MSDCSC\msdcsc.exe
gencode
5MZr0BC7GVYb
install
true
offline_keylogger
true
persistence
true
reg_key
MicroUpdate

rc4.plain

Targets

- Target
  
  JaffaCakes118_0754e8638d9163d170947788dc6625d0
- Size
  
  801KB
- MD5
  
  0754e8638d9163d170947788dc6625d0
- SHA1
  
  9eea22c4572e4886c6e80c847335d0409f276ed8
- SHA256
  
  08597065d9bdc960b1b0c9582fdd469c7a34a7ec7a4a3753fb529f260973ed9e
- SHA512
  
  a1e7970f8c02202562129ceadb57476043035ce07e07cbad5fd8ea7bdb5247e7acdc8ab217dd9b779661d4a366fb370119298402a04d0fc6d22545b48f7b745f
- SSDEEP
  
  12288:93vhMi7r+wx6dOqEH9Bfci2IZNBy129zSRFr4qAlUjz4C2qBMm0jr/7fp:93TsdwX2qBy1mydAlUjz4Dqpw/7fp
Score

10^/10

darkcomet products defense_evasion discovery persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- Modifies WinLogon for persistence
  persistence
- Windows security bypass
  defense_evasion trojan
- Drops file in Drivers directory
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  defense_evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Windows security modification
  defense_evasion trojan
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometproductsdefense_evasiondiscoverypersistencerattrojan

behavioral2

darkcometproductsdefense_evasiondiscoverypersistencerattrojan

© 2018-2025

Terms | Privacy