General

  • Target

    746f7391381312f198f1503a294cac3e_JaffaCakes118

  • Size

    785KB

  • Sample

    240726-rq6rvstbjl

  • MD5

    746f7391381312f198f1503a294cac3e

  • SHA1

    b1cb209e1e4604e451100f59fbb323e8fbb8fe81

  • SHA256

    02b8b255bad9a0b4011b531e830008a0abf02d501f5339a05ecc25e161d5eb75

  • SHA512

    3127d6a750f0896e8cd4cbe1058f39d06633cbcea9e95c94462200f48210d73904fb5e003af296d2d05db7df1ed9264cb5804b0a9f748996f54359e09c9e702a

  • SSDEEP

    24576:PT4H9LNgqq/29Obvmt0A5OzmKtNmG/b3rt8VlllXZ1D:PT4jgDbDmt06IEVlllXD

Malware Config

Extracted

  • Family

    darkcomet

  • Botnet

    Guest16

  • C2

    127.0.0.1:1604

  • Mutex

    DC_MUTEX-5HZDY0Z

  • Attributes

    • gencode

      punQMW272CsU

    • install

      false

    • offline_keylogger

      true

    • persistence

      false

Targets

    • Target

      746f7391381312f198f1503a294cac3e_JaffaCakes118

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks