General

  • Target

    4e190a3cc7f47f0961c68d8d3fa03561_JaffaCakes118

  • Size

    329KB

  • Sample

    240517-c98m8sdg71

  • MD5

    4e190a3cc7f47f0961c68d8d3fa03561

  • SHA1

    af4e825d19ab0bba032ca9cf253cac7f7f6a0dba

  • SHA256

    573ab6d10a870a0df4eee136f7ecdd72213fb456f0b022e58c8d01dd5526a44d

  • SHA512

    9b2675a9744914265568380e0b2429f5610a51bb24134efbe803b44acfca8f9841602c8dc6f874f07ecdefc7d2432b4f45504ab8ea709e19bb51b2e2b58df5d2

  • SSDEEP

    6144:fAE21pp978na6mFC6M2rfwBQGynR/UzGJAQWZGjjRe/063THveWb2hcBLmuWIwk/:6Rea6cCHQwsR/sGvGmjn6DWmL7WIwLcZ

Malware Config

Extracted

  • Family

    darkcomet

  • Botnet

    Guest16

  • C2

    127.0.0.1:1604

  • Mutex

    DC_MUTEX-TRCXYV8

  • Attributes

    • gencode

      QLz31KopM5kc

    • install

      false

    • offline_keylogger

      true

    • persistence

      false

Targets

    • Target

      ⮦.exe

    • Size

      658KB

    • MD5

      8f028d558e48e06be1d54928c2440fe4

    • SHA1

      1a94990ee3ba4695ff2960a1f9c36e5a68679c9d

    • SHA256

      496481311ab3fa6df238bb67218ac8bbcdb4d6111766532730f77bce66c548c2

    • SHA512

      2dcf833f633944082a51ddc171d39bf00fca41d834d64104164e1d4dbe7a3850167d85a9d77ced6112a0674bd0fd33e639a43e30be8265a2740c7d4b69235a10

    • SSDEEP

      12288:29HMeUmcufrvA3kb445UEJ2jsWiD4EvFuu4cNgZhCiZKD/XdyFO:SiBIGkbxqEcjsWiDxguehC2St

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
