General

  • Target

    5ca7d160be7412edcbf42d5107fd1087_JaffaCakes118

  • Size

    760KB

  • Sample

    240719-tkjq9asflc

  • MD5

    5ca7d160be7412edcbf42d5107fd1087

  • SHA1

    b34bd0d88eb0d32e80a14b185abfa8db90ea9d78

  • SHA256

    b8948eb521d6883491b6fec8882efdd926cf8434e63e6b344363dfddce528057

  • SHA512

    4985260dd2fc2bbd0adf54db7c6bb5d382baf4a2c1d1e745340c1acce523ad48579dae02a581ab0bdeab6d927b5f68cf2984c36200bf1e091f8e7ed05f0d17b6

  • SSDEEP

    12288:DEOpvNW4a76S/Ddon/m09bbYlIaaMcE2YGhq3vo1RnfAvIESJgoE26yc/RpsvvZ:4OA4aWNn/m09fKIaaBEtWq3A1Ov8Jgb2

Malware Config

Extracted

  • Family

    darkcomet

  • Botnet

    Guest16

  • C2

    dxd300.publicvm.com:1604

  • Mutex

    DC_MUTEX-4AF785U

Attributes
  • InstallPath

    MSDCSC\msdcsc.exe

  • gencode

    xXNuPQBDMML7

  • install

    true

  • offline_keylogger

    true

  • persistence

    true

  • reg_key

    MicroUpdate

Targets

    • Target

      5ca7d160be7412edcbf42d5107fd1087_JaffaCakes118

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
