General

  • Target

    67ce6fb2ad53314f43e8206ec2a0bc4a_JaffaCakes118

  • Size

    388KB

  • Sample

    240723-qzvwaawclg

  • MD5

    67ce6fb2ad53314f43e8206ec2a0bc4a

  • SHA1

    1a777ee7eb7fa8205c2ad1ec901e8897227954a2

  • SHA256

    916168cf6b4ebe87c91957cf9854b6389535695a9b6b80ce216e7157bf7febdf

  • SHA512

    310c65a2b57e15c96d96f81495c22739c03bfb996099dc565ef5eda420d227cd057327694934e376d32493842569fd88aed1e4012ceb7507fe3a4581b2236d09

  • SSDEEP

    6144:g4gKVj/WR+OxatHYj0i4E1qUbV3yYeJNW6loLRMlDWn0RwvZBzus0VGzXr:bVSRXatHYj0ib1nV3l/6oLgD2qsgwr

Malware Config

Extracted

  • Family

    darkcomet

  • Botnet

    Guest16

  • C2

    127.0.0.1:1604

  • Mutex

    DC_MUTEX-46RNKME

  • Attributes

    • gencode

      mAsZ4Eptu3Rd

    • install

      false

    • offline_keylogger

      true

    • persistence

      false

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks