darkcomet

General

Target

JaffaCakes118_830f0ad0035794193164aa5155e72842
Size

714KB
Sample

250321-nr1epa1my9
MD5

830f0ad0035794193164aa5155e72842
SHA1

448f224a6c1ea5508a93837e920a6641729c3ca2
SHA256

4c1daee547326b6d86a4c084371ecfe79637512003161cc4cdfd9daa9d424b9d
SHA512

197af42ef6d63cdda191cce9a9a72ce1e510df2694d54454b71f4f204d3c2cd65d42713de5c670cb2ea7a24e60f863322f02ef32af7d64f3a9078a57515bcf71
SSDEEP

12288:GraPvsV0toxajiBjlgTbwyAGglkNLUr58rRJCtl9tpIEmPJz9wL5OruKaE7bM:qGvg0tox4+jlgTbw1lkLUr58lJoXtCZi

Score

10^/10

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16_min

C2

teammist.no-ip.org:1337

Mutex

DCMIN_MUTEX-EWCAN84

Attributes

gencode
228YoTX7sV8q
install
false
offline_keylogger
true
persistence
false

rc4.plain

Targets

- Target
  
  JaffaCakes118_830f0ad0035794193164aa5155e72842
- Size
  
  714KB
- MD5
  
  830f0ad0035794193164aa5155e72842
- SHA1
  
  448f224a6c1ea5508a93837e920a6641729c3ca2
- SHA256
  
  4c1daee547326b6d86a4c084371ecfe79637512003161cc4cdfd9daa9d424b9d
- SHA512
  
  197af42ef6d63cdda191cce9a9a72ce1e510df2694d54454b71f4f204d3c2cd65d42713de5c670cb2ea7a24e60f863322f02ef32af7d64f3a9078a57515bcf71
- SSDEEP
  
  12288:GraPvsV0toxajiBjlgTbwyAGglkNLUr58rRJCtl9tpIEmPJz9wL5OruKaE7bM:qGvg0tox4+jlgTbw1lkLUr58lJoXtCZi
Score

10^/10

darkcomet modiloader guest16_min discovery rat trojan
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Darkcomet family
  darkcomet
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- Modiloader family
  modiloader
- ModiLoader Second Stage
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Darkcomet family

ModiLoader, DBatLoader

Modiloader family

ModiLoader Second Stage

Checks computer location settings

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2