General

  • Target

    65a2cba2ce062f36146fa4fe2e377661_JaffaCakes118

  • Size

    712KB

  • Sample

    240723-b1gygs1akr

  • MD5

    65a2cba2ce062f36146fa4fe2e377661

  • SHA1

    b23cfbb9c0b4154e953af0d8348747e434184ddf

  • SHA256

    a84633a26947406eaf4a2189d35aab12bc4f7b3d988e748970a1e455124f9a88

  • SHA512

    6f733862f98c0c0f63cbd956ba1c685608855e231abb45a6c217b11f63b794eea60c38e120c6c5a19d7835fb9d351c4f2bf8647a070dad02eb4cf62b776e5202

  • SSDEEP

    12288:V3rpvNW4a76S/Ddon/m09bbYlIaaMcE2YGhq3vo1RnzAvIESvgU226Fc/PohaV:pFA4aWNn/m09fKIaaBEtWq3A1yv8vg9a

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

xinasser.no-ip.org:82

Mutex

DC_MUTEX-F54S21D

Attributes
  • InstallPath

    MSDCSC\msdcsc.exe

  • gencode

    ypu8YPq965LG

  • install

    true

  • offline_keylogger

    true

  • persistence

    false

  • reg_key

    MicroUpdate

Targets

    • Target

      65a2cba2ce062f36146fa4fe2e377661_JaffaCakes118

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
