General

  • Target: 783228e4511a604bde1a2d863e8d746a_JaffaCakes118
  • Size: 991KB
  • Sample: 240727-pjptnasemb
  • MD5: 783228e4511a604bde1a2d863e8d746a
  • SHA1: 15a54638fde5341d5f8c99b83dc01440e1f08186
  • SHA256: eb6d07ce6029606286f9aeb7f24ee2be7d6b8cdb34bb661e80411c3efa2aabd2
  • SHA512: 7ea1b26c51a8c5a3f6edd8d65b913a487bff0c1d7ebd4d76c341fa22a932844529d0e6ae890189bb325f46d323895910f97f5fc1263a7f004b0653849ef63fb8
  • SSDEEP: 24576:ZoIjIbgyLC4t5467uOkG7Rcjd4W3QGnBfilDoB6hoT9:J8bdLZ54nOFR6f37ssB6o

Malware Config

Extracted

  • Family: darkcomet
  • Botnet: Guest16
  • C2: 127.0.0.1:1604
  • Mutex: DC_MUTEX-NHG2G4Q

Attributes

  • gencode: BtmRRkxeailp
  • install: false
  • offline_keylogger: true
  • persistence: false

Targets

    • Darkcomet: DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks