General

  • Target

    66ca9bc0164c71828de8c621f6f5d686_JaffaCakes118

  • Size

    736KB

  • Sample

    240723-j46d9axalm

  • MD5

    66ca9bc0164c71828de8c621f6f5d686

  • SHA1

    6adb12fb6dce933039908fbd729483d99663d8ef

  • SHA256

    438dff2661df9500aabba12b6420ae02f6dd8679c0818a9f47d14681cb3cb834

  • SHA512

    613941bdbe314d8f68ff68de2346de309fd229667bd8b4fcd6d4c1f9eb6b233b5c65cda6fde08b77addda4a67b7d8eff2e8b2e32ba5c0554cf5c7b730445434b

  • SSDEEP

    12288:ReEViAhLrd6wS3dT0UmII0EDudAVkeeglrI2s+LfQndQnXzQ48LDI/JnRpJspkQQ:VViePdTANmIj3ElsP+L2iXzQpq1bJf1n

Malware Config

Extracted

  • Family

    darkcomet

  • Botnet

    Shell

  • C2

    internetlogger.no-ip.org:3174

  • Mutex

    DC_MUTEX-MJVY139

  • Attributes

      • gencode

        PQ93Ux15jXRd

      • install

        false

      • offline_keylogger

        true

      • persistence

        false

Targets

    • Target

      66ca9bc0164c71828de8c621f6f5d686_JaffaCakes118

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Uses the VBS compiler for execution

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks