General

  • Target: 69abd6877fb2545a1d85d39ecb470fe4_JaffaCakes118
  • Size: 747KB
  • Sample: 240724-beabhsyerm
  • MD5: 69abd6877fb2545a1d85d39ecb470fe4
  • SHA1: a3d02bc168cb8bb47a68e3b7cec721881ad1f24d
  • SHA256: 1a1e61a57215dcaf3737a97cb05a75854b3ebe4a740c80ab91e3b3c4db28fc85
  • SHA512: f4654049abe7e08f95675d46ef9196c508bb57b8564280e55de57645ef8e201648596702a6d0030b9e8d7f7c52806d79ac5824bc68f0144ea9a5cce65c4e6a59
  • SSDEEP: 12288:Hk0QVlhmPojAPTMEsUTg0oChO/Q2JbsbjPbN5qhRTtYe3f+Iw86k/9/+m:E0QRWoJEfg0oChGdJQbjPbNW5tYeP+Gn

Malware Config

Extracted

  • Family: darkcomet
  • Botnet: Guest16
  • C2: sobegin.no-ip.org:1604
  • Mutex: DC_MUTEX-F54S21D

Attributes

  • gencode: 1iaksqnPyvdV
  • install: false
  • offline_keylogger: true
  • password: asmonaco
  • persistence: false

Targets


    • Darkcomet: DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks