General

  • Target

    60abe6287ed79eac69dbdf5bbbe56f71_JaffaCakes118

  • Size

    900KB

  • Sample

    240721-qt4agavarm

  • MD5

    60abe6287ed79eac69dbdf5bbbe56f71

  • SHA1

    cb4bbf6abeec61f65066096e2d3b30bbd7db7ee1

  • SHA256

    f9883c48df58c3670bf30c68c6a2a6241411c83e43a1aea0388e01242a01b688

  • SHA512

    dda42cd6e5d671c697e417571c90e586274d99f4ac9c3996ecb053de38fddc41d59eb79d408214c25e7681b419209f9f97297fe744bb5720db61eef2de51bc61

  • SSDEEP

    24576:R0nSSgGlXP1328fmHZRj9lPN8f/rdA8wO:R0nSSl91ulVKt

Malware Config

Extracted

  • Family

    darkcomet

  • Botnet

    bot

  • C2

    212.7.208.77:1604

  • Mutex

    DCMIN_MUTEX-VU3YMGD

Attributes

  • gencode

    9R6PZ1XMcL4g

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks