General

  • Target

    139c407f18afa076d2b84d9e9a976dde_JaffaCakes118

  • Size

    1.1MB

  • Sample

    240626-1v6r4awelb

  • MD5

    139c407f18afa076d2b84d9e9a976dde

  • SHA1

    2f52a86e60931efd85b1297d485d024fb705e887

  • SHA256

    8383502063bfc21e46558865c747ef9ca8023b46732c1cef09467e51c60331cb

  • SHA512

    b86e131e17bb7ac254dc8cf8c877e7c6bf90dd50b267818b08b2df93503816663ca9caa0cc18044b2057ad09651771c133459e1512713db18db59bdafbb792d9

  • SSDEEP

    24576:3Pns0XeQ2sPtysnGgeFC9A9fCG5qigd512vwyMR:fs0XeD2vTcCmqEJgdawj

Malware Config

Extracted

Family

darkcomet

Botnet

ÓÇã

C2

nnns.zapto.org:1604

Mutex

DC_MUTEX-F54S21D

Attributes
  • gencode

    pZ2PbkJ4J7qu

  • install

    false

  • offline_keylogger

    true

  • persistence

    false
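The fields above are what a config extractor pulls out of the stub. DarkComet keeps its settings in an RCDATA resource named DCDATA, stored as hex text of an RC4 stream whose key depends on the builder version (the 5.x keys are of the form "#KCMDDC51#-890"); the plaintext is a block of KEY={value} lines between "#BEGIN DARKCOMET DATA --" and "#EOF DARKCOMET DATA --". The decoder below is an added example, not the sandbox's own extractor and not part of this report. The key list and field names come from public analyses of the family; which key this particular sample uses is an assumption, since the report does not state the DarkComet version, so the code tries each known key and checks for the marker. Locating the DCDATA resource in the PE (for instance with pefile) is left out; the input is a constructed blob built from the report's own values with a placeholder botnet name, encrypted with the same RC4 routine.

```python
"""Added example (not from the sandbox report): decode a DarkComet DCDATA
configuration blob and map it onto the fields shown in the report."""
import binascii

# RC4 keys DarkComet builders used for the DCDATA resource, by version.
# Assumption: the report does not give the version, so every key is tried.
KNOWN_KEYS = [
    b"#KCMDDC51#-890",   # DarkComet 5.1 / 5.3
    b"#KCMDDC5#-890",    # DarkComet 5.0
    b"#KCMDDC42F#-890",  # DarkComet 4.2F
    b"#KCMDDC42#-890",   # DarkComet 4.2
    b"#KCMDDC4#-890",    # DarkComet 4.0
    b"#KCMDDC2#-890",    # DarkComet 2.x / 3.x
]

BEGIN_MARKER = b"#BEGIN DARKCOMET DATA --"
END_MARKER = b"#EOF DARKCOMET DATA --"

# DCDATA key -> field name used in the report above.
FIELD_MAP = {
    "NETDATA": "c2",
    "MUTEX": "mutex",
    "SID": "botnet",
    "GENCODE": "gencode",
    "INSTALL": "install",
    "PERSINST": "persistence",
    "OFFLINEK": "offline_keylogger",
}
BOOL_FIELDS = {"install", "persistence", "offline_keylogger"}  # stored as {0}/{1}


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA + PRGA); the same call encrypts and decrypts."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(byte ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def decrypt_dcdata(hex_blob: bytes, keys=KNOWN_KEYS):
    """Hex-decode the DCDATA resource and RC4-decrypt it, trying each known
    version key until the plaintext starts with the DarkComet marker.
    Returns (key, plaintext), or (None, None) when no key fits."""
    raw = binascii.unhexlify(hex_blob.strip())
    for key in keys:
        plain = rc4(key, raw)
        if plain.startswith(BEGIN_MARKER):
            return key, plain
    return None, None


def parse_config(plain: bytes) -> dict:
    """Turn 'KEY={value}' lines into the report's field names."""
    cfg = {}
    for line in plain.decode("latin-1").splitlines():
        if line.startswith("#") or "=" not in line:
            continue                       # marker lines and padding
        k, _, v = line.partition("=")
        name = FIELD_MAP.get(k.strip())
        if name is None:
            continue                       # keys the report does not show
        v = v.strip()
        if v.startswith("{") and v.endswith("}"):
            v = v[1:-1]
        cfg[name] = (v == "1") if name in BOOL_FIELDS else v
    return cfg


def extract(hex_blob: bytes) -> dict:
    key, plain = decrypt_dcdata(hex_blob)
    if plain is None:
        raise ValueError("no known DarkComet key decrypts this DCDATA blob")
    cfg = parse_config(plain)
    cfg["rc4_key"] = key.decode()
    return cfg


# Constructed input: a DCDATA-style plaintext built from the report's values
# (botnet name is a placeholder, the report's is unreadable), encrypted with
# the 5.1 key exactly as a builder would before hex-encoding it.
SAMPLE_PLAIN = b"\r\n".join([
    BEGIN_MARKER,
    b"MUTEX={DC_MUTEX-F54S21D}",
    b"SID={Guest16}",
    b"NETDATA={nnns.zapto.org:1604}",
    b"GENCODE={pZ2PbkJ4J7qu}",
    b"INSTALL={0}",
    b"PERSINST={0}",
    b"OFFLINEK={1}",
    END_MARKER,
]) + b"\r\n"
SAMPLE_HEX = binascii.hexlify(rc4(b"#KCMDDC51#-890", SAMPLE_PLAIN))

if __name__ == "__main__":
    for field, value in extract(SAMPLE_HEX).items():
        print(f"{field:>18}: {value}")
```

Feed `extract()` the raw text of the DCDATA resource from a real stub. A blob that decrypts under none of the keys usually means a repacked or crypted sample whose DCDATA only exists in memory after unpacking, which is the point to dump the hollowed process rather than the file on disk.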

Targets

    • Target

      139c407f18afa076d2b84d9e9a976dde_JaffaCakes118


    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur (DarkCoderSc). Its development stopped in 2012, but builds remain in circulation. This hit means the sandbox's family signature matched; the Malware Config section above is the configuration it recovered from the stub.

    • Drops file in Drivers directory

      The sample wrote a file under the system Drivers directory during execution; the report does not name the file.

    • Suspicious use of SetThreadContext

      Calling SetThreadContext on the main thread of a process the sample created suspended is the usual sign of process hollowing (RunPE). DarkComet stubs, and the crypters commonly wrapped around them, use it to run the payload inside another process, so network and keylogger activity may appear under the hollowed process rather than the original executable.

MITRE ATT&CK Enterprise v15
