General

  • Target: 7253ad33d2d9a51ffb60d60ca8584d93_JaffaCakes118
  • Size: 346KB
  • Sample: 240726-dc4hpaverg
  • MD5: 7253ad33d2d9a51ffb60d60ca8584d93
  • SHA1: c92e405430cd7c1c0645ba1f5eaeb7451fcd2f46
  • SHA256: 3fdfe6c123d2336a3b3b22e9d3d3b8e8cf04ea83c4541130e0b114e5e60fda04
  • SHA512: ca76c86abdbbfef06275c083b1a778dbdf1b2bd3aa08c190cfe46ae3a116943a28d48728b48e63842c9459e610994a06b4a6b0183a1c68fd78de6f178fa7a499
  • SSDEEP: 6144:6CQFJAj4FIVHnEGlN9hoOTvWlxtHCzNT39X+7gdQT:DGJn+ttlNf7T+qNTggdg

Malware Config

Extracted

  • Family: darkcomet
  • Botnet: Guest16
  • C2: 127.0.0.1:1604
  • Mutex: DC_MUTEX-7KD1CXS

Attributes

  • gencode: nmQ50DW5wiou
  • install: false
  • offline_keylogger: true
  • persistence: false

Targets

    • Darkcomet: DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
    • UPX packed file: Detects executables packed with UPX or a modified build of the UPX open-source packer.
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks