General

  • Target

    6738a68d6ca982d3eb8bb18261ade528_JaffaCakes118

  • Size

    916KB

  • Sample

    240723-mlsl8a1ele

  • MD5

    6738a68d6ca982d3eb8bb18261ade528

  • SHA1

    b28b8bdb0527c9befad62bd93f937f1597a13815

  • SHA256

    8b9dda116a71368a9de721e5cd6c6de05c9f9deb692d7e7f623e60d9a9972b5c

  • SHA512

    4d962c2cda9071fe67bca99db4e70fb7a2906447a85c0516f7793421d9ce4d01c14f573e29fafe0c6fac9d4e77ee3a508aeced37aeffaf63267ae8b8f975c340

  • SSDEEP

    12288:Pw5wNzoYqZtfEJRplx8Y1tcDiYifuMPcWTb0vLwySQ5xH:PBGYkfGzVcDiYimM0DLwySQf

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

127.0.0.1:1604

    (Loopback address: this build points at the operator's own host, so no outbound C2 beacon is expected from a detonation; 1604 is DarkComet's default listener port.)

Mutex

DC_MUTEX-F54S21D

Attributes
  • gencode

    Nl2fmspeVP53

  • install

    false

  • offline_keylogger

    true

  • persistence

    false
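
The extracted configuration above is what a config parser pulls out of a DarkComet build. The following is an added, stand-alone example (not the sandbox's extractor and not code from the sample) showing how such a decode works: DarkComet 5.x builds are publicly documented as storing their settings in an RCDATA resource as one hex string per line, each line RC4-encrypted with a static key, and the key value "#KCMDDC51#-890", the field names (MUTEX, SID, NETDATA, GENCODE, INSTALL, PERSINST, OFFLINEK) and their mapping to the attribute names in this report are assumptions taken from those write-ups. The encrypted blob it decodes is constructed inline to mirror the values shown above; it is not data carved from this file.

```python
"""Decode a DarkComet-style config blob into the fields shown in the report above.

Assumptions (added example, not the sandbox's extractor):
- DarkComet 5.1 stores its config as one hex string per line, each line
  RC4-encrypted with the static key "#KCMDDC51#-890".
- Field names (MUTEX, SID, NETDATA, GENCODE, INSTALL, PERSINST, OFFLINEK)
  follow public write-ups; the mapping to the report's attribute names is ours.
"""
from __future__ import annotations

DARKCOMET_51_KEY = b"#KCMDDC51#-890"  # assumed static RC4 key for v5.1 builds

# Assumed config keys -> attribute names used in the report above.
FIELD_MAP = {
    "MUTEX": "mutex",
    "SID": "botnet",
    "NETDATA": "c2",
    "GENCODE": "gencode",
    "INSTALL": "install",
    "PERSINST": "persistence",
    "OFFLINEK": "offline_keylogger",
}
BOOL_FIELDS = {"install", "persistence", "offline_keylogger"}


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA + PRGA). Symmetric: the same call encrypts and decrypts."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def decrypt_line(hex_line: str, key: bytes = DARKCOMET_51_KEY) -> str:
    """One resource line: hex of RC4 ciphertext -> plaintext 'KEY={value}'."""
    return rc4(key, bytes.fromhex(hex_line.strip())).decode("latin-1")


def parse_config(lines: list[str], key: bytes = DARKCOMET_51_KEY) -> dict:
    """Decrypt every line and map KEY={value} pairs to the report's attribute names."""
    cfg: dict[str, object] = {}
    for hex_line in lines:
        if not hex_line.strip():
            continue
        plain = decrypt_line(hex_line, key)
        if "={" not in plain or not plain.endswith("}"):
            continue  # "#BEGIN/#EOF DARKCOMET DATA" markers carry no field
        name, value = plain[:-1].split("={", 1)
        attr = FIELD_MAP.get(name)
        if attr is None:
            continue  # fields the report does not list (paths, dates, ...) are ignored
        cfg[attr] = (value == "1") if attr in BOOL_FIELDS else value
    return cfg


def build_sample_blob(key: bytes = DARKCOMET_51_KEY) -> list[str]:
    """CONSTRUCTED test data mirroring the report's values; not bytes from the sample."""
    plaintext = [
        "#BEGIN DARKCOMET DATA --",
        "MUTEX={DC_MUTEX-F54S21D}",
        "SID={Guest16}",
        "NETDATA={127.0.0.1:1604}",
        "GENCODE={Nl2fmspeVP53}",
        "INSTALL={0}",
        "PERSINST={0}",
        "OFFLINEK={1}",
        "#EOF DARKCOMET DATA --",
    ]
    return [rc4(key, p.encode("latin-1")).hex().upper() for p in plaintext]


if __name__ == "__main__":
    for name, value in parse_config(build_sample_blob()).items():
        print(f"{name:18} {value}")
```

Against a real binary the input lines would come from the resource section (for example via pefile's DIRECTORY_ENTRY_RESOURCE walk) rather than from build_sample_blob(); if the key is wrong for the build version, decrypt_line() returns non-printable bytes rather than KEY={value} text, which is the quickest way to tell you have the wrong version key.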

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur (DarkCoderSc); development was discontinued in 2012, but builds remain in circulation.

    • Suspicious use of SetThreadContext

      SetThreadContext lets a process overwrite another thread's register state, including its instruction pointer. Outside of debuggers that is a hallmark of process hollowing and thread hijacking, where a payload is written into a suspended child process and execution is redirected into it; the signature alone does not identify which process was targeted.
