General

  • Target

    6d06d1a4094b41a328b2600cd2d71e85_JaffaCakes118

  • Size

    334KB

  • Sample

    240724-2bysta1bjq

  • MD5

    6d06d1a4094b41a328b2600cd2d71e85

  • SHA1

    ab8a423b43372b890cfe4aacfa81a63a7dc07839

  • SHA256

    6000461c75f29e87cc36bab57bf9396ecd1802645ddbf585fad1ed492cb04de0

  • SHA512

    c4ad30e95cc7936e424c128d070e769407c25ec15031d469fbc41373ae66a2e03afb91a52e8aa6aaf0207a8813a5731907386691b2981213efc8cc7b96f3f5b7

  • SSDEEP

    6144:ny22ByAreNz+rtZOLqJ5Z7Ro94BDLbP2rr4hm3G+:4y1NzKZeqpR0SnbP2PGC

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

127.0.0.1:1604

Mutex

DC_MUTEX-RHLLZJB

Attributes
  • gencode

    Tv2dc0nhix5v

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Targets

    • Target

      6d06d1a4094b41a328b2600cd2d71e85_JaffaCakes118

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
