darkcomet

General

Target

fe7970e2544e76469e920ed0b4c46e0f_JaffaCakes118
Size

5.3MB
Sample

241219-fal7qsymav
MD5

fe7970e2544e76469e920ed0b4c46e0f
SHA1

8c7c70fa2b1fe29d4ff2b85189f43c16b8cccb2e
SHA256

dc3f0f158fe35f749b506e7f1e25a7506eab5a72ca2975cec089657447f6aabb
SHA512

0b2bf9e39172642e5c7e62cf14126b8595157140b9087000d1fd78a43ba13cc026154b15e94e566d7ce0bb3166aa08093887f9588daa869cf49d862d6ec8fca1
SSDEEP

98304:/yo366ucUwk7AMbpnuFCxPl/lNU3cJnbhDNvQKyiVLLHkVVvZMa8PB:qGkHoSlNNUy9NoKycszi

Score

10^/10

Malware Config

Targets

- Target
  
  fe7970e2544e76469e920ed0b4c46e0f_JaffaCakes118
- Size
  
  5.3MB
- MD5
  
  fe7970e2544e76469e920ed0b4c46e0f
- SHA1
  
  8c7c70fa2b1fe29d4ff2b85189f43c16b8cccb2e
- SHA256
  
  dc3f0f158fe35f749b506e7f1e25a7506eab5a72ca2975cec089657447f6aabb
- SHA512
  
  0b2bf9e39172642e5c7e62cf14126b8595157140b9087000d1fd78a43ba13cc026154b15e94e566d7ce0bb3166aa08093887f9588daa869cf49d862d6ec8fca1
- SSDEEP
  
  98304:/yo366ucUwk7AMbpnuFCxPl/lNU3cJnbhDNvQKyiVLLHkVVvZMa8PB:qGkHoSlNNUy9NoKycszi
Score

10^/10

darkcomet modiloader discovery rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modiloader family
  modiloader
- ModiLoader Second Stage
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

4

T1012

System Information Discovery

5

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Darkcomet family

ModiLoader, DBatLoader

Modiloader family

ModiLoader Second Stage

Checks BIOS information in registry

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2