General

  • Target: 795524a907a4dbc2da64cd1adc05a937_JaffaCakes118
  • Size: 911KB
  • Sample: 240730-vppnqstflb
  • MD5: 795524a907a4dbc2da64cd1adc05a937
  • SHA1: 6e9c7a36893a4a99bfba6a70370a735f68feb776
  • SHA256: b6d774f32aeef2ca1da256b632e71d4c05d0e2a185c8caafbe1b145cf0cdf89d
  • SHA512: 52814ca0421defcebce1271d8f28e84d84b82a187de42bc90950c8a7912300a41b7be6654842c767f1a3582eebd6dbbad6f46d88ce48872c5211d34eb0a5e702
  • SSDEEP: 12288:lBOfsQoumCC4WnqLdsNm/CahWxn8rQdjU2zQiWfLFTmEyuPXe6N+x3/Ds4IM:lBQsQbmSMqLY9Lxn8ruKbTmEyQ+x3d

Malware Config

Extracted

  • Family: darkcomet
  • Botnet: Guest16
  • C2:
      rstown123.no-ip.biz:3081
      127.0.0.1:3081
  • Mutex: DC_MUTEX-RMDNQLX

Attributes
  • gencode: xglDrK2gwChT
  • install: false
  • offline_keylogger: false
  • password: 180125
  • persistence: false

Targets

    • Darkcomet: DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
    • Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
    • Executes dropped EXE
    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks