General

  • Target

    5ee675020adbc7687a764fb458f3d550_JaffaCakes118

  • Size

    922KB

  • Sample

    240720-d9f4navcnr

  • MD5

    5ee675020adbc7687a764fb458f3d550

  • SHA1

    d62539d3507b2809197da007745fcbcde405b812

  • SHA256

    66d63c30197d733585f426613415fc20d0b0609bbc50ad9f494f00f64db83167

  • SHA512

    ef0e8dbe3119301d8d3ac468e418a41a5a1e5dfd592b5c16021a0e2c96f8df77f2af53c390cedfae6a764c0432b5b1b1947cb78163089e3cac15b840dc998aa9

  • SSDEEP

    24576:2qlEkcJKmfUokyt+fD7O0n9PubkDzHu/guM5:

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

127.0.0.1:1604

The loopback address on DarkComet's default port 1604, paired with the builder's default campaign name Guest16, marks this as a builder-default or test configuration rather than a reachable controller; the C2 value is not actionable for blocking or hunting.

Mutex

DC_MUTEX-2P7NG9W

Attributes
  • gencode

    4PigqPDhmrfp

  • install

    false

  • offline_keylogger

    false

  • persistence

    false
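The fields above are recoverable from the sample itself: DarkComet keeps its builder settings in an RCDATA resource named DCDATA as hex-encoded RC4 ciphertext (key "#KCMDDC51#-890" for 5.x builds, "#KCMDDC42F#-890" for 4.x), and the plaintext is a list of KEY={VALUE} lines whose names map onto the report's mutex, botnet, C2 and flag fields. The following is an added example, not the sandbox's extractor and not DarkComet code. The hex blob it decrypts is constructed here by encrypting the report's values with the 5.x key, so it is a stand-in of the same shape rather than the resource from the real binary; the `#BEGIN`/`#EOF` marker lines in that constructed plaintext and the candidate key list are assumptions of this example.

```python
"""
Added example: decrypt and parse a DarkComet configuration block.

Illustrative implementation only; not the sandbox's own extractor.
"""
import binascii
import ipaddress

# Per-version RC4 keys as assumed by this example; each is tried in turn.
DARKCOMET_KEYS = (b"#KCMDDC51#-890", b"#KCMDDC5#-890", b"#KCMDDC42F#-890")

# Raw config names -> the report's field names.
FIELD_NAMES = {
    "MUTEX": "mutex",
    "SID": "botnet",
    "NETDATA": "c2",
    "GENCODE": "gencode",
    "INSTALL": "install",
    "PERSINST": "persistence",
    "OFFLINEK": "offline_keylogger",
}
FLAG_KEYS = {"INSTALL", "PERSINST", "OFFLINEK"}  # stored as {0} / {1}


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA + PRGA); encryption and decryption are the same operation."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def parse_config(text: str) -> dict:
    """Turn KEY={VALUE} lines into a dict keyed by the report's field names."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if "=" not in line or line.startswith("#"):
            continue
        key, _, value = line.partition("=")
        value = value.strip("{}")
        if key in FLAG_KEYS:
            value = value == "1"
        elif key == "NETDATA":
            # NETDATA can carry several host:port pairs separated by '|'.
            value = [hp for hp in value.split("|") if hp]
        cfg[FIELD_NAMES.get(key, key.lower())] = value
    return cfg


def extract_config(resource_hex: str):
    """Try each known key; accept the first decrypt that yields readable config text."""
    blob = binascii.unhexlify(resource_hex)
    for key in DARKCOMET_KEYS:
        try:
            text = rc4(key, blob).decode("ascii")
        except UnicodeDecodeError:
            continue
        if "MUTEX={" in text and all(c.isprintable() or c in "\r\n" for c in text):
            return key.decode(), parse_config(text)
    raise ValueError("no known DarkComet key decrypts this resource")


def c2_is_routable(cfg: dict) -> bool:
    """False when no C2 entry is globally routable, e.g. the 127.0.0.1:1604 builder default."""
    for hostport in cfg.get("c2", []):
        host = hostport.rsplit(":", 1)[0]
        try:
            if ipaddress.ip_address(host).is_global:
                return True
        except ValueError:
            return True  # a hostname: assume it can resolve to something reachable
    return False


# Constructed sample: plaintext built from the report's values and encrypted
# with the 5.x key. This is NOT the resource from the real binary.
SAMPLE_PLAINTEXT = (
    "#BEGIN DARKCOMET DATA --\n"
    "MUTEX={DC_MUTEX-2P7NG9W}\n"
    "SID={Guest16}\n"
    "NETDATA={127.0.0.1:1604}\n"
    "GENCODE={4PigqPDhmrfp}\n"
    "INSTALL={0}\n"
    "PERSINST={0}\n"
    "OFFLINEK={0}\n"
    "#EOF DARKCOMET DATA --\n"
)
SAMPLE_RESOURCE_HEX = binascii.hexlify(
    rc4(b"#KCMDDC51#-890", SAMPLE_PLAINTEXT.encode())
).decode().upper()

if __name__ == "__main__":
    key, cfg = extract_config(SAMPLE_RESOURCE_HEX)
    print("key:", key)
    for name, value in cfg.items():
        print(f"{name}: {value}")
    print("routable C2:", c2_is_routable(cfg))
```

On a real sample the input would be the bytes of the DCDATA resource pulled out with a PE parser; the loopback check at the end is the caveat that matters here, since a config pointing at 127.0.0.1 yields nothing to block.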

Targets

    • Target

      5ee675020adbc7687a764fb458f3d550_JaffaCakes118


    • Darkcomet

DarkComet is a Windows remote access trojan (RAT) developed by Jean-Pierre Lesueur (DarkCoderSc); its development was discontinued in 2012, but builds remain in circulation. The builder stores the settings shown under Malware Config above (mutex, campaign name, C2 host:port, install, persistence and offline keylogger flags) inside the binary as an RC4-encrypted resource, which is what the extracted configuration is recovered from.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

      Calling SetThreadContext on another process's thread is the step in process hollowing where the suspended process's entry point is redirected to injected code; seen together with the dropped EXE above, it indicates the payload runs inside a hollowed host process.
