General

  • Target

    6474330de280da2f5a5dd821117e3e43_JaffaCakes118

  • Size

    306KB

  • Sample

    240722-xyhynatepr

  • MD5

    6474330de280da2f5a5dd821117e3e43

  • SHA1

    75c46ae845cd9855b98cd43e9f99ca57bd08a752

  • SHA256

    c2d4b6504f49a3dc7f1fe0f2a85c60184dda2b22dc01b2a4654d18ef30d27e89

  • SHA512

    50698590fd23cae20590d36c19c4c00c28b6866dcfe80dde3a7eec16cb607d1e5f88933d7d9a46a1de1397c2a14d1bc8b338b30628119f824b33c11f3bc850c1

  • SSDEEP

    6144:0D8cO856TYmhyXLd9jXal8Z4LWdsSCrwAnHlK8koEb6VXHvGTpxNZqH0ZnWQr8a3:0h5ZFIRcC8J8koi6VXP8xSHrQx

Malware Config

Extracted

  • Family

    darkcomet

  • Botnet

    Guest16

  • C2

    brhoom1406.no-ip.org:1604

  • Mutex

    DC_MUTEX-PJL2EH6

Attributes

  • InstallPath

    MSDCSC\msdcsc.exe

  • gencode

    446erLAcby0j

  • install

    true

  • offline_keylogger

    true

  • password

    0566699323

  • persistence

    false

  • reg_key

    MicroUpdate

Targets

    • Target

      6474330de280da2f5a5dd821117e3e43_JaffaCakes118

    • Size

      306KB

    • MD5

      6474330de280da2f5a5dd821117e3e43

    • SHA1

      75c46ae845cd9855b98cd43e9f99ca57bd08a752

    • SHA256

      c2d4b6504f49a3dc7f1fe0f2a85c60184dda2b22dc01b2a4654d18ef30d27e89

    • SHA512

      50698590fd23cae20590d36c19c4c00c28b6866dcfe80dde3a7eec16cb607d1e5f88933d7d9a46a1de1397c2a14d1bc8b338b30628119f824b33c11f3bc850c1

    • SSDEEP

      6144:0D8cO856TYmhyXLd9jXal8Z4LWdsSCrwAnHlK8koEb6VXHvGTpxNZqH0ZnWQr8a3:0h5ZFIRcC8J8koi6VXP8xSHrQx

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Modifies WinLogon for persistence

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks