darkcomet | d8ff424ea922d6da734ceb5dc319f57ebd892101e96d4a65c2616e4e3f4a0845 | Triage

Submit
Reports

Overview

overview

Static

static

3

e39e2d4f84...18.exe

windows7-x64

e39e2d4f84...18.exe

windows10-2004-x64

Sharing

General

Target

e39e2d4f842454d0758aee2cde0bbd56_JaffaCakes118
Size

403KB
Sample

240915-3wytzsyhnn
MD5

e39e2d4f842454d0758aee2cde0bbd56
SHA1

714688591b2f00d11b67d84db1694a0f57aff655
SHA256

d8ff424ea922d6da734ceb5dc319f57ebd892101e96d4a65c2616e4e3f4a0845
SHA512

a60f1d68c6d9a1b4df1cfd166af01130d4b3ae312cd817e75a8d2587365fa81efe7bc60cb24e3118d2f557efd9266ce003b98f1dd48e0f10e3c2fa854f196813
SSDEEP

12288:tJIIhII+V+gGc5mBpcOKzDCW50O8kR8CswbOha5:8YPRpcJCW78EKwbya5

Score

10^/10

darkcomet modiloader guest16 discovery evasion rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

e39e2d4f842454d0758aee2cde0bbd56_JaffaCakes118.exe

Resource

win7-20240903-en

darkcomet modiloader guest16 discovery evasion rat trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

e39e2d4f842454d0758aee2cde0bbd56_JaffaCakes118.exe

Resource

win10v2004-20240910-en

darkcomet modiloader guest16 discovery evasion rat trojan

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

127.0.0.1:1609

5.16.40.113:1609

algeny0.no-ip.biz:1609

Mutex

DC_MUTEX-MB1E34G

Attributes

gencode
staVZD5yENVL
install
false
offline_keylogger
true
password
333333
persistence
false

Targets

- Target
  
  e39e2d4f842454d0758aee2cde0bbd56_JaffaCakes118
- Size
  
  403KB
- MD5
  
  e39e2d4f842454d0758aee2cde0bbd56
- SHA1
  
  714688591b2f00d11b67d84db1694a0f57aff655
- SHA256
  
  d8ff424ea922d6da734ceb5dc319f57ebd892101e96d4a65c2616e4e3f4a0845
- SHA512
  
  a60f1d68c6d9a1b4df1cfd166af01130d4b3ae312cd817e75a8d2587365fa81efe7bc60cb24e3118d2f557efd9266ce003b98f1dd48e0f10e3c2fa854f196813
- SSDEEP
  
  12288:tJIIhII+V+gGc5mBpcOKzDCW50O8kR8CswbOha5:8YPRpcJCW78EKwbya5
Score

10^/10

darkcomet modiloader guest16 discovery evasion rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader Second Stage
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometmodiloaderguest16discoveryevasionrattrojan

behavioral2

darkcometmodiloaderguest16discoveryevasionrattrojan

© 2018-2025

Terms | Privacy