General

  • Target

    6416e78b9dbe5c49458ab82dee9cd3cd_JaffaCakes118

  • Size

    1.9MB

  • Sample

    240722-vyha1sygjj

  • MD5

    6416e78b9dbe5c49458ab82dee9cd3cd

  • SHA1

    77a3dbe272c9181c8c0607c98f30b5f68e115e01

  • SHA256

    776ea59c7b0331ce6251a9b6e0e5c9554b1a2ca2adac6e772fd19afbda034eeb

  • SHA512

    eaa19f7b656e97a2060bdcaf591bc60df103d9499805372e0e77e8b7de8a7e84e30031b4ec432c5b758613e69dcf1201c8a839bd2c8dc2bbdb1599c53768611b

  • SSDEEP

    49152:sAZGuj5/Uf9+1gi1TeWyv7BttIHlOWdyC+:nj5MohE7BwQ+yC+

Malware Config

Extracted

  • Family

    darkcomet

  • Botnet

    Guest16

  • C2

    serenitychat.no-ip.biz:27015

  • Mutex

    DC_MUTEX-RCVU3CF

Attributes
  • gencode

    dJGhvQ2HimZY

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Targets

    • Target

      6416e78b9dbe5c49458ab82dee9cd3cd_JaffaCakes118

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks