darkcomet | 522444077221d01ff24cd5e67ff54e6de4120fab0dce64a177db843209a57797 | Triage

Submit
Reports

Overview

overview

Static

static

3

1bc615f161...18.exe

windows7-x64

1bc615f161...18.exe

windows10-2004-x64

Sharing

General

Target

1bc615f1613f42987e296b1f55c32e97_JaffaCakes118
Size

1.2MB
Sample

240701-ve34daygpa
MD5

1bc615f1613f42987e296b1f55c32e97
SHA1

2cc3dea7ecf8796b71c2e3eb5d7b775bb8793d2a
SHA256

522444077221d01ff24cd5e67ff54e6de4120fab0dce64a177db843209a57797
SHA512

662087275334d42ff95df4aaad994f7720a641d6c3d1ab1c60e646083cf32d0496072e834b6ac2aad66382fa8bf086e976079316b66d0ea015b321d8569084cd
SSDEEP

24576:RiY70YOLnxwbjaNuO+tT9SKS3GSkG0bi5CZ1cBffE1p3g8McL2qykCp:RiYynObjaNuOWmXkG4iICXEnac5y1p

Score

10^/10

darkcomet modiloader xtremerat ghadefer evasion persistence rat spyware trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

1bc615f1613f42987e296b1f55c32e97_JaffaCakes118.exe

Resource

win7-20240611-en

darkcomet modiloader xtremerat ghadefer persistence rat spyware trojan upx

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

1bc615f1613f42987e296b1f55c32e97_JaffaCakes118.exe

Resource

win10v2004-20240226-en

darkcomet modiloader xtremerat ghadefer evasion persistence rat spyware trojan upx

windows10-2004-x64

20 signatures

150 seconds

Malware Config

Extracted

Family

xtremerat

C2

mkidech.dyndns-mail.com

Extracted

Family

darkcomet

Botnet

ghadefer

C2

mkidech.zapto.org:1604

Mutex

DC_MUTEX-062AY3Q

Attributes

gencode
tnWqFu0KEmWe
install
false
offline_keylogger
true
persistence
false

Targets

- Target
  
  1bc615f1613f42987e296b1f55c32e97_JaffaCakes118
- Size
  
  1.2MB
- MD5
  
  1bc615f1613f42987e296b1f55c32e97
- SHA1
  
  2cc3dea7ecf8796b71c2e3eb5d7b775bb8793d2a
- SHA256
  
  522444077221d01ff24cd5e67ff54e6de4120fab0dce64a177db843209a57797
- SHA512
  
  662087275334d42ff95df4aaad994f7720a641d6c3d1ab1c60e646083cf32d0496072e834b6ac2aad66382fa8bf086e976079316b66d0ea015b321d8569084cd
- SSDEEP
  
  24576:RiY70YOLnxwbjaNuO+tT9SKS3GSkG0bi5CZ1cBffE1p3g8McL2qykCp:RiYynObjaNuOWmXkG4iICXEnac5y1p
Score

10^/10

darkcomet modiloader xtremerat ghadefer persistence rat spyware trojan upx evasion
- Darkcomet
  DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
  trojan rat darkcomet
- Detect XtremeRAT payload
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- UAC bypass
  evasion trojan
- XtremeRAT
  The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
  persistence spyware rat xtremerat
- ModiLoader Second Stage
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

darkcometmodiloaderxtremeratghadeferpersistenceratspywaretrojanupx

behavioral2

darkcometmodiloaderxtremeratghadeferevasionpersistenceratspywaretrojanupx

© 2018-2024

Terms | Privacy