General

  • Target: 12afa41586011ca7da4c854e5aa25e20_JaffaCakes118
  • Size: 1.8MB
  • Sample: 240626-t9kpvataqh
  • MD5: 12afa41586011ca7da4c854e5aa25e20
  • SHA1: 5d39239559226d86bb42c95ee7e488e898782328
  • SHA256: 225a79b6670f27da254a019a4111693edab9a1198148c303690089f467413ba1
  • SHA512: d85baa4d8a1ec8c01cbb390d78ac8bc8fab2ebc533aaa1f82f7400c2660c708483a569725224007759443e63a98627b516d82175283eed2822196e5d6bc0e6be
  • SSDEEP: 49152:8oVAFnZq6c0zRnxGXKvGEDyY6vMpl6HuK9mxuQx:8zjqqo6GEDBpEOK9M

Malware Config

Extracted

Family: darkcomet

Botnet:

C2: nnns.zapto.org:4433

Mutex: DC_MUTEX-Q2XZ4M3

Attributes
  • gencode: N6RGFjbT4YgW
  • install: false
  • offline_keylogger: true
  • persistence: false

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Drops file in Drivers directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks