darkcomet | 92bae130f70a00a0207adfa078c44f57a9c6326c8873847f99acc8d3398b5f7a | Triage

Sharing

General

Target

Temmuz 2020 Bayi-Personel Prim Kazanc Tablosu.exe
Size

1.1MB
Sample

200806-1mtljmzzrs
MD5

e255489d5f3e363d714ee0cecf55fe34
SHA1

abee71dd7a24cb405390fa25e24297ac6e520809
SHA256

92bae130f70a00a0207adfa078c44f57a9c6326c8873847f99acc8d3398b5f7a
SHA512

6cb359bccc3834973481a089cf3e3a30d0948242579351e9e3f1de352215a50602b3624cb54954be538f4b13fcb9bbbb054d4683a5677100429b35aa6f9fb697

Score

10^/10

darkcomet modiloader persistence rat trojan

Malware Config

Targets

- Target
  
  Temmuz 2020 Bayi-Personel Prim Kazanc Tablosu.exe
- Size
  
  1.1MB
- MD5
  
  e255489d5f3e363d714ee0cecf55fe34
- SHA1
  
  abee71dd7a24cb405390fa25e24297ac6e520809
- SHA256
  
  92bae130f70a00a0207adfa078c44f57a9c6326c8873847f99acc8d3398b5f7a
- SHA512
  
  6cb359bccc3834973481a089cf3e3a30d0948242579351e9e3f1de352215a50602b3624cb54954be538f4b13fcb9bbbb054d4683a5677100429b35aa6f9fb697
Score

10^/10

darkcomet modiloader persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

darkcometmodiloaderpersistencerattrojan

behavioral2

darkcometmodiloaderpersistencerattrojan