General

  • Target

    6037995835a785a752639476e649a992_JaffaCakes118

  • Size

    946KB

  • Sample

    240720-2ch4rayalb

  • MD5

    6037995835a785a752639476e649a992

  • SHA1

    a37c182ca65dd6a22d76b702268766df9132cdf3

  • SHA256

    c0d60354f5ab983f7d3cadc96d2b9b28467524617ab1e9be23d6a705921fc969

  • SHA512

    b0f941bd36e6c1810b2e91348cc2b50888f5ca2c3b6335315003f390416eeb277b9c9533f04373cafad06afa192ce81f2c93f37bdf931a9cc3d47d514d05e0fd

  • SSDEEP

    12288:e+37m01mnQaRQ6Zirxrq2Eh8xwkl8E4w5huat7UovONzbXw7:e3dNQ6Ae2Eh8tdhHwNzbXk

Malware Config

Extracted

Family

darkcomet

Botnet

Zombi

C2

ozowarac.no-ip.org:1604

Mutex

DC_MUTEX-TF3J9AX

Attributes

  • gencode

    7zTW8Ld2Lb3z

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Targets

    • Target

      6037995835a785a752639476e649a992_JaffaCakes118

    • Size

      946KB

    • MD5

      6037995835a785a752639476e649a992

    • SHA1

      a37c182ca65dd6a22d76b702268766df9132cdf3

    • SHA256

      c0d60354f5ab983f7d3cadc96d2b9b28467524617ab1e9be23d6a705921fc969

    • SHA512

      b0f941bd36e6c1810b2e91348cc2b50888f5ca2c3b6335315003f390416eeb277b9c9533f04373cafad06afa192ce81f2c93f37bdf931a9cc3d47d514d05e0fd

    • SSDEEP

      12288:e+37m01mnQaRQ6Zirxrq2Eh8xwkl8E4w5huat7UovONzbXw7:e3dNQ6Ae2Eh8tdhHwNzbXk

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Sets file to hidden

      Modifies file attributes to stop the file from showing in Explorer and similar file browsers.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks