General

  • Target: Apocalypse RAT 1.4.4.rar

  • Size: 2.6MB

  • Sample: 241229-dkawca1jfr

  • MD5: 2dbd62a86821c748dd1b5d576a424668

  • SHA1: d22a0071f27f1173c04d06fddacc318705f2a820

  • SHA256: 1272e2bacba1e801708f93cedb19fecf3b009633b46979730209672db9c53a21

  • SHA512: ac781e1350b53d3eb4aeb0262130146fe2e3ee6dc67ac828820cec738e3b4cdfa32183f43f61ec11fee4fc83d63aca8089c5daa92aa1d1f5291e0775d7e5f223

  • SSDEEP: 49152:YTjYUZI02JpoOPiDnxTqQswz8d/glL1II3PBW2rIk5ywp54Qz7xvYM:EjYUHcpoftTqQJIcF3JW20YX4s7pH

Malware Config

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Darkcomet family

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • Modifies WinLogon for persistence

    • Modiloader family

    • ModiLoader Second Stage

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15