General

  • Target

    68d4998a4d43e5e8a17824ae9625d50e_JaffaCakes118

  • Size

    1.3MB

  • Sample

    240522-182ejaba3v

  • MD5

    68d4998a4d43e5e8a17824ae9625d50e

  • SHA1

    585e37a0cf5325b293a85d9e982d305e017387f3

  • SHA256

    c952f7847e3506767527d442a29859b4bf6a85497e41695d20f563369055eccc

  • SHA512

    33d61632b624c6f602e3dd88e403f55bb5b924f09a1e5014a9fa52138d82dde2f995dd4caf619f307ebf2b761f5342e28ea2bc33dbebd37b47745b05e09edec3

  • SSDEEP

    24576:zAHnh+eWsN3skA4RV1Hom2KXMmHasyAkapHeoC0TLc3DbEJ5:+h+ZkldoPK8Yaseb2

Malware Config

Extracted

Family

darkcomet

Botnet

Amsterdam NL

C2

ghostville.duckdns.org:1700

Mutex

DCMIN_MUTEX-RWTUX06

Attributes
  • gencode

    ql2oH4DGvE30

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Drops startup file

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX variant.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15