General

  • Target

    10efa3e37a857e142c69de282dee6cd5_JaffaCakes118

  • Size

    1.1MB

  • Sample

    240626-gkq44s1err

  • MD5

    10efa3e37a857e142c69de282dee6cd5

  • SHA1

    55557d964db0f914ad9e4a7f32ac0f0bd98f577a

  • SHA256

    58eec74570af839b50207ff0b4ac888b1b3747254c6e419c5773facd1e0e26d6

  • SHA512

    58e21a8a843f5a42d9cbc7649f3ed327e00857c75957a7b0e99de73068b88e374df7798dda7f92ecbb938b75557ef10077e0ca6731064b9deb353103f4b01bd5

  • SSDEEP

    24576:XPns0XeQ2sPtysnGgMkPpHZd2xX7rYSzRidf97:/s0XeD2vTTNZdMLr9zRidfh

Malware Config

Extracted

  • Family

    darkcomet

  • Botnet

    ÝÇÑÓ

  • C2

    nnns.zapto.org:1604

  • Mutex

    DC_MUTEX-4JEUPPN

  • Attributes

    • gencode

      ER3lGokX8QwM

    • install

      false

    • offline_keylogger

      true

    • persistence

      false

Targets

    • Target

      10efa3e37a857e142c69de282dee6cd5_JaffaCakes118

    • Size

      1.1MB

    • MD5

      10efa3e37a857e142c69de282dee6cd5

    • SHA1

      55557d964db0f914ad9e4a7f32ac0f0bd98f577a

    • SHA256

      58eec74570af839b50207ff0b4ac888b1b3747254c6e419c5773facd1e0e26d6

    • SHA512

      58e21a8a843f5a42d9cbc7649f3ed327e00857c75957a7b0e99de73068b88e374df7798dda7f92ecbb938b75557ef10077e0ca6731064b9deb353103f4b01bd5

    • SSDEEP

      24576:XPns0XeQ2sPtysnGgMkPpHZd2xX7rYSzRidf97:/s0XeD2vTTNZdMLr9zRidfh

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Drops file in Drivers directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks