General

  • Target

    759659ac9816a28383faeda799b1e6de_JaffaCakes118

  • Size

    681KB

  • Sample

    240726-y7zhfasfql

  • MD5

    759659ac9816a28383faeda799b1e6de

  • SHA1

    465fd31c664f9766c87bfadf1c147259d8579c37

  • SHA256

    11ab6ac3b489b6662c7b638e3e94db436bcac428ce8260b3428611ed600afdc5

  • SHA512

    617703e33122f6d81910a21829f44dc0116729fdea39fa11085bef95e22191b5f43e4eb2fa88eca1085042e5562ea385479216005a5ff359fc66b06ddacad590

  • SSDEEP

    12288:S+SRRw04j29U9RpijpJDKQ4LP/6NRJ03k4IgKHxqr4M2GbIZv2/vxpgNM11sab2F:i94/Rp20/6ghPKHM2Z23xeW1ai2lgxo

Malware Config

Extracted

  • Family

    darkcomet

  • Botnet

    Guest16

  • C2

    hakimzaio1.no-ip.biz:1604

  • Mutex

    DC_MUTEX-209H53N

Attributes

  • gencode

    PkcUmjfCvV9f

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Targets

    • Target

      759659ac9816a28383faeda799b1e6de_JaffaCakes118

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks