General

  • Target

    5cf5242f8775a75755c0e18ed2f77d17_JaffaCakes118

  • Size

    432KB

  • Sample

    240719-v52m8swble

  • MD5

    5cf5242f8775a75755c0e18ed2f77d17

  • SHA1

    8d1eddf0848129228a0b848e369d38909ad4ffb4

  • SHA256

    d2cf074f9729ce229a6e8b1e8fd580a5cfa0777374ef720bd41553d474755fa2

  • SHA512

    1513aa17c8548557c39d4774456ce3d22c01bb9dc500536649f5b3103507c0608f81080b8a676e131a7502f3d900d900b699867e33a6ba3760bc2f7c9370e864

  • SSDEEP

    12288:LBVo44m96iqVt2oVo06jRhUeoyEb58sP6PqXGZx7Fb:dKxm9UMNth5k5rC4GX7Fb

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

snak.no-ip.biz:1604

Mutex

DC_MUTEX-2T0X0X7

Attributes

  • InstallPath

    MSDCSC\msdcsc.exe

  • gencode

    ddCXSocGi8Uy

  • install

    true

  • offline_keylogger

    true

  • persistence

    true

  • reg_key

    MicroUpdate

Extracted

Family

darkcomet

Attributes

  • gencode

  • install

    false

  • offline_keylogger

    false

  • persistence

    false

Targets

    • Target

      5cf5242f8775a75755c0e18ed2f77d17_JaffaCakes118

    • Size

      432KB

    • MD5

      5cf5242f8775a75755c0e18ed2f77d17

    • SHA1

      8d1eddf0848129228a0b848e369d38909ad4ffb4

    • SHA256

      d2cf074f9729ce229a6e8b1e8fd580a5cfa0777374ef720bd41553d474755fa2

    • SHA512

      1513aa17c8548557c39d4774456ce3d22c01bb9dc500536649f5b3103507c0608f81080b8a676e131a7502f3d900d900b699867e33a6ba3760bc2f7c9370e864

    • SSDEEP

      12288:LBVo44m96iqVt2oVo06jRhUeoyEb58sP6PqXGZx7Fb:dKxm9UMNth5k5rC4GX7Fb

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Modifies WinLogon for persistence

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Program crash

    • Suspicious use of SetThreadContext
