General

  • Target

    5eac63002d5612fe65535541d43f40b5_JaffaCakes118

  • Size

    666KB

  • Sample

    240720-cvsy8sscrm

  • MD5

    5eac63002d5612fe65535541d43f40b5

  • SHA1

    c8b24166b92907f808e30f0cd39debe327942849

  • SHA256

    817318e30ebc147b9e3cdce99e00c46bb30b0a164002e531807b88b9c072cd0c

  • SHA512

    10f73b81e4c694740365ffc1ab6ef77e775cb48efb2915f0d622d72c958ae86a93da41f475fc712f7b4ded8ff8effedeb1b7b5f229678f98f7ba309084ce7b17

  • SSDEEP

    12288:83OpvNW4a76S/Ddon/m09bbYlIaaMcE2YGhq3vo1RnfAvIESJgoE26yc/R:qOA4aWNn/m09fKIaaBEtWq3A1Ov8JgbD

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

127.0.0.1:1604

Mutex

DC_MUTEX-XKMXZ30

Attributes
  • gencode

    YzYp4z58RJQN

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Targets

    • Target

      5eac63002d5612fe65535541d43f40b5_JaffaCakes118

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
