General

  • Target

    67e5d765022b5f8a67a4b4f4f77f5bc3_JaffaCakes118

  • Size

    608KB

  • Sample

    240723-rlc9raxcme

  • MD5

    67e5d765022b5f8a67a4b4f4f77f5bc3

  • SHA1

    ff4d2e8e41fbc0649b9f44fe022318b472e279fa

  • SHA256

    cbceb7644a44e7c08cbcfd43db84bdae652dd55e38847ec91e35f0f31ce1bd11

  • SHA512

    90fdc8d807136d3dcf0d06afcd1f741256afadcff9287fc17b92f74a5a558d0e5ae5c4fe48b70360bb2e6bf46e40cc22bd89023179bdc20b7177fc946d8ea437

  • SSDEEP

    12288:Qf67vowZ/TLLEHOa6ILW+TUNzMR77AUoZJc3XRhlguASQJ9i7c:uMvoM/fLnfEWXNzMVAfGASQ7t

Malware Config

Extracted

  • Family

    darkcomet

  • Botnet

    Guest16

  • C2

    ab11.no-ip.biz:1604

  • Mutex

    DC_MUTEX-ENK4SB4

Attributes

  • gencode

    dqVWNGpFujjS

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks