General

  • Target

    6e1bfbda21cf3b64c1f3bceb27bcf564_JaffaCakes118

  • Size

    248KB

  • Sample

    240725-ezlf3a1fle

  • MD5

    6e1bfbda21cf3b64c1f3bceb27bcf564

  • SHA1

    9bd1631fac635a902d96e46823508d5360e4a4f1

  • SHA256

    d10761f462c8413fd12d9b24cb9a03d6c6a28ae28689e11c6ef6929e67043201

  • SHA512

    f2c430a52e92a92f87bfdda704236abcaa35a2b5568f26fe45a50b77bcb621c67f3008a7e451ce406f0267fa10baae18ca5a5f205cf29accd31b33886adcb605

  • SSDEEP

    6144:7wT5O7pJmNB6dLY6dCnnsyZLHoaIyv6ocU/qxDS2xDWb3cw1:7P+NULZdCn3TbncU2D7Ab3

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

rat644.no-ip.info:1604

127.0.0.1:1604

Mutex

DC_MUTEX-F54S21D

Attributes

  • gencode

    4dDVFeSMr7im

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks