darkcomet | efa1d8b3913bea3615e5b1a482789cca5649662d851868f703b7728fdb86cad2 | Triage

Submit
Reports

Overview

overview

Static

static

7

b92690dd60...18.exe

windows7-x64

b92690dd60...18.exe

windows10-2004-x64

Sharing

General

Target

b92690dd60c51269cad640b0a34b4388_JaffaCakes118
Size

1.6MB
Sample

241202-t1lwjsxqak
MD5

b92690dd60c51269cad640b0a34b4388
SHA1

7f7efb103facfac19e21de3c0e031a37ce24853e
SHA256

efa1d8b3913bea3615e5b1a482789cca5649662d851868f703b7728fdb86cad2
SHA512

1cb6b2d10631f1f1f8bd8003566dd379893d08b6476fa7cd14efc0a37ca208ecdc390e167532ad260be6adeb4f5358f787ccffdab96e9bd2e62962e5b6695889
SSDEEP

49152:mBndddR42azwkxZVD9u6WD6dZs3rOi5TC:wZn0fKDMs3rde

Score

10^/10

darkcomet modiloader route discovery persistence rat trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

b92690dd60c51269cad640b0a34b4388_JaffaCakes118.exe

Resource

win7-20240903-en

darkcomet modiloader route discovery persistence rat trojan

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

b92690dd60c51269cad640b0a34b4388_JaffaCakes118.exe

Resource

win10v2004-20241007-en

darkcomet modiloader route discovery persistence rat trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

darkcomet

Botnet

route

C2

mkidech.zapto.org:1604

Mutex

DC_MUTEX-MFYHLY2

Attributes

InstallPath
MSDCSC\msdcsc.exe
gencode
oys3ZZzt6sGy
install
true
offline_keylogger
true
persistence
true
reg_key
MicroUpdate

Targets

- Target
  
  b92690dd60c51269cad640b0a34b4388_JaffaCakes118
- Size
  
  1.6MB
- MD5
  
  b92690dd60c51269cad640b0a34b4388
- SHA1
  
  7f7efb103facfac19e21de3c0e031a37ce24853e
- SHA256
  
  efa1d8b3913bea3615e5b1a482789cca5649662d851868f703b7728fdb86cad2
- SHA512
  
  1cb6b2d10631f1f1f8bd8003566dd379893d08b6476fa7cd14efc0a37ca208ecdc390e167532ad260be6adeb4f5358f787ccffdab96e9bd2e62962e5b6695889
- SSDEEP
  
  49152:mBndddR42azwkxZVD9u6WD6dZs3rOi5TC:wZn0fKDMs3rde
Score

10^/10

darkcomet modiloader route discovery persistence rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modifies WinLogon for persistence
  persistence
- Modiloader family
  modiloader
- ModiLoader Second Stage
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

darkcometmodiloaderroutediscoverypersistencerattrojan

behavioral2

darkcometmodiloaderroutediscoverypersistencerattrojan

© 2018-2025

Terms | Privacy