darkcomet | 083ff0dca04e12c0ac1da78b111cf8d881505b9ff4f83988503986fafb272260 | Triage

Submit
Reports

Overview

overview

Static

static

3

2949038e17...18.exe

windows7-x64

2949038e17...18.exe

windows10-2004-x64

Sharing

General

Target

2949038e177f7905cfdf61d98230034b_JaffaCakes118
Size

328KB
Sample

240706-xqmxmszhrp
MD5

2949038e177f7905cfdf61d98230034b
SHA1

2ee976eef5374d61063a95a6a62ce12fd3c5684d
SHA256

083ff0dca04e12c0ac1da78b111cf8d881505b9ff4f83988503986fafb272260
SHA512

2b254cffb872541e9db32f82195805c4ec8aee7cbc81436826b4113aeb023cb4489cf269825b42442afbe580eb3b8e00adcbed5244ff6bfd8df94035b341d1d8
SSDEEP

6144:GPfvZ8vQbQF83iqlSZ1yQ2NjvgocpjlcLHdDwWZThq7ebBM8Eo3A8FAwWWpp02:GnvCPmBCyX7tcLcDd/ZTIeFM8E4A8t

Score

10^/10

darkcomet modiloader guest16 rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2949038e177f7905cfdf61d98230034b_JaffaCakes118.exe

Resource

win7-20240508-en

darkcomet modiloader guest16 rat trojan

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

2949038e177f7905cfdf61d98230034b_JaffaCakes118.exe

Resource

win10v2004-20240704-en

modiloader trojan

windows10-2004-x64

3 signatures

150 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

127.0.0.1:1609

5.16.40.113:1609

algeny0.no-ip.biz:1609

Mutex

DC_MUTEX-GWVWBC7

Attributes

gencode
ZQ50xz6q1Xv1
install
false
offline_keylogger
true
password
333333
persistence
false

Targets

- Target
  
  2949038e177f7905cfdf61d98230034b_JaffaCakes118
- Size
  
  328KB
- MD5
  
  2949038e177f7905cfdf61d98230034b
- SHA1
  
  2ee976eef5374d61063a95a6a62ce12fd3c5684d
- SHA256
  
  083ff0dca04e12c0ac1da78b111cf8d881505b9ff4f83988503986fafb272260
- SHA512
  
  2b254cffb872541e9db32f82195805c4ec8aee7cbc81436826b4113aeb023cb4489cf269825b42442afbe580eb3b8e00adcbed5244ff6bfd8df94035b341d1d8
- SSDEEP
  
  6144:GPfvZ8vQbQF83iqlSZ1yQ2NjvgocpjlcLHdDwWZThq7ebBM8Eo3A8FAwWWpp02:GnvCPmBCyX7tcLcDd/ZTIeFM8E4A8t
Score

10^/10

darkcomet modiloader guest16 rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader Second Stage
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

darkcometmodiloaderguest16rattrojan

behavioral2

modiloadertrojan

© 2018-2024

Terms | Privacy