General

  • Target

    7459dabde9a71618f63bde5999c81138_JaffaCakes118

  • Size

    343KB

  • Sample

    240726-q9zbfssanq

  • MD5

    7459dabde9a71618f63bde5999c81138

  • SHA1

    244848e90107432bda5e929993193df7244dd724

  • SHA256

    cc412889e3b6f4c3eb2935e2378d72f4b22949ed62024b53d401856b64facdc2

  • SHA512

    35ff9ac4ae4dbd75707e309f82c42d48c9bcc26ca863d849a9143a6e13474c8b147c38c04359a1da777be35ccdc28b8074e2ca910c86586914028e038a27bd4d

  • SSDEEP

    6144:JQ/W2mGZyRhTXMBCqyh7tP7H7xV1tBMDheWJ0S+x:JQODGIYBCjh7V7HFV1tCVnJ07x

Malware Config

Extracted

  • Family

    darkcomet

  • Botnet

    Guest16

  • C2

    loveayada.zapto.org:443

  • Mutex

    DC_MUTEX-ZNQTKSY

Attributes

  • InstallPath

    MSDCSC\msdcsc.exe

  • gencode

    hqypCTfXL65a

  • install

    true

  • offline_keylogger

    true

  • password

    0123456789

  • persistence

    true

  • reg_key

    MicroUpdate

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Modifies WinLogon for persistence

    • Modifies firewall policy service

    • Modifies security service

    • Windows security bypass

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

    • Windows security modification

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15