General

  • Target

    5c7cd6cb7a641f2ef025e7ae46a910c0_JaffaCakes118

  • Size

    252KB

  • Sample

    240719-sl4x5sxdkk

  • MD5

    5c7cd6cb7a641f2ef025e7ae46a910c0

  • SHA1

    8ff15e867ab101c60af61915c421278fa26ae40b

  • SHA256

    5254299a09290a8ed96d718e82b3110e8f89cc8ae266fb0ca875b114e9cecd9d

  • SHA512

    bcfa0d4a240b911bba111fbbe6a2267449b1ed84a477b159475aa94c6447d453fe7b11ef2a4bec0894dfb96ffc65136bc4be2ab502456a4d35326734c342ab6b

  • SSDEEP

    6144:0D7cY2fgssM7Wirg9KXylmRiL+QMeC/i6isqX7UovnONztByipwxZF:0l8E4w5huat7UovONzbXw

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

yoosamed.no-ip.biz:1604

Mutex

DC_MUTEX-EPWTGH8

Attributes
  • gencode

    w62zLTnoqK0w

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Targets

    • Target

      5c7cd6cb7a641f2ef025e7ae46a910c0_JaffaCakes118

    • Size

      252KB

    • MD5

      5c7cd6cb7a641f2ef025e7ae46a910c0

    • SHA1

      8ff15e867ab101c60af61915c421278fa26ae40b

    • SHA256

      5254299a09290a8ed96d718e82b3110e8f89cc8ae266fb0ca875b114e9cecd9d

    • SHA512

      bcfa0d4a240b911bba111fbbe6a2267449b1ed84a477b159475aa94c6447d453fe7b11ef2a4bec0894dfb96ffc65136bc4be2ab502456a4d35326734c342ab6b

    • SSDEEP

      6144:0D7cY2fgssM7Wirg9KXylmRiL+QMeC/i6isqX7UovnONztByipwxZF:0l8E4w5huat7UovONzbXw

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks