General

  • Target

    794621c14fa86c1e52b02a657b23cebb_JaffaCakes118

  • Size

    546KB

  • Sample

    240730-vbzxjsygkr

  • MD5

    794621c14fa86c1e52b02a657b23cebb

  • SHA1

    6d174636bfa4736f802723992db5a43ae0ea18ec

  • SHA256

    1cfc1f6dbffcd05664c167b043acc6d207d41413ef58a08893725e0f102f8ce0

  • SHA512

    635bfdecf2126b869a01fa3a52fd417ac9be87f160a526d020946585d00f0520f2692e33917f8ea3f26d501502cd6da42e99191d670c9a81d874526183319b31

  • SSDEEP

    6144:pbTcespEX1zZOOrlr9UfQbcWX+QG8mYye2ZlCbbip0WtAY2BShxAQ6KbZrDyIe+I:pbTp1VOZnWOZ8mYtn/W1L2BM6gTeqdB4

Malware Config

Extracted

Family

darkcomet

Attributes
  • gencode

  • install

    false

  • offline_keylogger

    false

  • persistence

    false

Extracted

Family

darkcomet

Botnet

Guest16

C2

10.0.0.2:1604

Mutex

DC_MUTEX-F54S21D

Attributes
  • gencode

    ykRtJK3AxY8C

  • install

    false

  • offline_keylogger

    true

  • persistence

    false
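
The fields above (Botnet, C2, Mutex, gencode, install, offline_keylogger, persistence) are what a config extractor recovers from the DarkComet "DCDATA" resource, and it is worth understanding how they get there when triaging a report like this. Note that 10.0.0.2 is a private (RFC 1918) address and 1604 is DarkComet's default listener port, so the sample is most likely a test or lab build rather than a live campaign. The following Python is an added example, not code from the sandbox or from this report. It assumes, based on publicly documented DarkComet config extractors, that each line of the resource is hex-encoded RC4 ciphertext of `NAME={value}`, that the 5.1 builder uses the RC4 key `#KCMDDC51#-890` (the other keys in `DC_KEYS` are likewise assumptions for older versions), that multiple C2s in `NETDATA` are separated by `|`, and that the field names `SID`, `NETDATA`, `MUTEX`, `GENCODE`, `INSTALL`, `OFFLINEK` and `PERSINST` map to the report's labels as shown. The sample blob is constructed here from the values in this report, not carved from the binary.

```python
# Added example: decode a DarkComet DCDATA-style config into the fields this
# report lists. RC4 key strings, field names and the "|" C2 separator are
# assumptions taken from public DarkComet config extractors.
from __future__ import annotations

import re

# Assumed RC4 keys per builder version (plain builds; a password-protected
# build appends the user password to the key string).
DC_KEYS = {
    "5.1": b"#KCMDDC51#-890",
    "5.0": b"#KCMDDC5#-890",
    "4.2F": b"#KCMDDC42F#-890",
    "3.x": b"#KCMDDC2#-890",
}


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA + PRGA). Symmetric, so it both encrypts and decrypts."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for c in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(c ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def encode_dcdata(fields: dict[str, str], key: bytes) -> bytes:
    """Build a DCDATA-style blob: one uppercase hex(RC4("NAME={value}")) per line."""
    lines = [rc4(key, f"{k}={{{v}}}".encode()).hex().upper() for k, v in fields.items()]
    return "\r\n".join(lines).encode()


ENTRY = re.compile(rb"^([A-Z0-9]+)=\{(.*)\}$")


def decode_dcdata(blob: bytes, key: bytes) -> dict[str, str]:
    """Decrypt every hex line with the given key; keep only NAME={value} hits."""
    fields: dict[str, str] = {}
    for raw in blob.splitlines():
        line = raw.strip()
        if not line:
            continue
        try:
            plain = rc4(key, bytes.fromhex(line.decode("ascii")))
        except ValueError:
            continue  # not hex: skip rather than abort on junk lines
        m = ENTRY.match(plain)
        if m:
            fields[m.group(1).decode("ascii")] = m.group(2).decode("latin-1")
    return fields


def to_report(fields: dict[str, str]) -> dict:
    """Map raw DCDATA names onto the labels used in the sandbox report."""
    netdata = fields.get("NETDATA", "")
    return {
        "botnet": fields.get("SID"),
        "c2": [h for h in netdata.split("|") if h],
        "mutex": fields.get("MUTEX"),
        "gencode": fields.get("GENCODE"),
        "install": fields.get("INSTALL") == "1",
        "offline_keylogger": fields.get("OFFLINEK") == "1",
        "persistence": fields.get("PERSINST") == "1",
    }


def extract(blob: bytes) -> tuple[str | None, dict]:
    """Try each known key; the right one yields a MUTEX entry, wrong keys yield garbage."""
    for version, key in DC_KEYS.items():
        fields = decode_dcdata(blob, key)
        if fields.get("MUTEX", "").startswith("DC_MUTEX"):
            return version, to_report(fields)
    return None, {}


# Constructed sample built from the values in this report (not carved from the binary).
SAMPLE_FIELDS = {
    "MUTEX": "DC_MUTEX-F54S21D",
    "SID": "Guest16",
    "NETDATA": "10.0.0.2:1604",
    "GENCODE": "ykRtJK3AxY8C",
    "INSTALL": "0",
    "PERSINST": "0",
    "OFFLINEK": "1",
}
CONSTRUCTED_DCDATA = encode_dcdata(SAMPLE_FIELDS, DC_KEYS["5.1"])

if __name__ == "__main__":
    print(extract(CONSTRUCTED_DCDATA))
```

Against a real sample, feed `extract()` the bytes of the `DCDATA` RCDATA resource (for example via `pefile`); a build protected with a password will decode with none of the listed keys until the password is appended to the key string, which is the usual reason an extractor returns the half-empty config seen in the first "Extracted" block above.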

Targets

    • Target

      794621c14fa86c1e52b02a657b23cebb_JaffaCakes118

    • Size

      546KB

    • MD5

      794621c14fa86c1e52b02a657b23cebb

    • SHA1

      6d174636bfa4736f802723992db5a43ae0ea18ec

    • SHA256

      1cfc1f6dbffcd05664c167b043acc6d207d41413ef58a08893725e0f102f8ce0

    • SHA512

      635bfdecf2126b869a01fa3a52fd417ac9be87f160a526d020946585d00f0520f2692e33917f8ea3f26d501502cd6da42e99191d670c9a81d874526183319b31

    • SSDEEP

      6144:pbTcespEX1zZOOrlr9UfQbcWX+QG8mYye2ZlCbbip0WtAY2BShxAQ6KbZrDyIe+I:pbTp1VOZnWOZ8mYtn/W1L2BM6gTeqdB4

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur (DarkCoderSc). Its development was discontinued in 2012, but leaked builders remain in circulation, so new samples are still seen.

    • Suspicious use of NtSetInformationThreadHideFromDebugger (a call to NtSetInformationThread with the ThreadHideFromDebugger information class, 0x11, which detaches the calling thread from any attached debugger; a common anti-analysis trick)

MITRE ATT&CK Enterprise v15

Tasks