General

  • Target

    11a045b6b809c60cf7dd66e88f78c6f5_JaffaCakes118

  • Size

    711KB

  • Sample

    240626-l6dhcszard

  • MD5

    11a045b6b809c60cf7dd66e88f78c6f5

  • SHA1

    4d7724ac49fd2bf7db7804fe31484b9e7a7be470

  • SHA256

    9587d1280f902814a977f5f836d97e8327b98d7848b2e4e653774ffb62b4d298

  • SHA512

    3948fa93f98c2b31b14fbce025c433378dfdeb17044c82106c9f42d841aecd73f05cd120cbf4b969ce07ead5ed2fcb2993faffcd840aa0d1abf3708d316a6565

  • SSDEEP

    12288:i+2hYTMcLBzn7H0Hjnu/qNUbypFDMjLl3g6400QXonT4Fc/IoRT85EgwG3U30s7n:i+sYTBBz7HcDu8U2zAjLRK0jERmEKC7n

Malware Config

Extracted

Family

darkcomet

Botnet

blah

C2

cyberprodigy.no-ip.org:1337

Mutex

DCMIN_MUTEX-JDW4X1E

Attributes
  • gencode

    N8tcBB7ZycTr

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Targets

    • Target

      11a045b6b809c60cf7dd66e88f78c6f5_JaffaCakes118


    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
