General

  • Target

    79af4a993bfc9345366b49fa184d0ccb_JaffaCakes118

  • Size

    894KB

  • Sample

    240730-xsrnlsyblc

  • MD5

    79af4a993bfc9345366b49fa184d0ccb

  • SHA1

    577f8a6df1d4f08201b98f24a46cc34ae34b9c94

  • SHA256

    28b82770a796d1752afcb5154cdfc2f5782dfa40adfd524c15a602930d7e3225

  • SHA512

    432345891e90de4aa18423fa2679ee5996a45b061d85ada7988b26fa66bf18c14308a2bf519f9261cfec54ab0fc14c05d17b995c09f9a9a7e488c8741bf91da3

  • SSDEEP

    12288:tkJoSJu4GDfxuJwGGZe3FWnGcx2bng0koeqzHC2yza8mmo2tAKPEZd/Z+7w8fA7H:6HJuxr8wG8+AnvoeOE79rw/CkXe+

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

127.0.0.1:1604

Mutex

DC_MUTEX-735QA2E

Attributes
  • gencode

    8JMyBMKmQSVq

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

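The extracted config above is a stock DarkComet build: 1604 is the builder's default port, Guest16 is the default campaign ID, and a loopback C2 means the operator never pointed the stub at real infrastructure (or the sandbox saw a test build). The following Python is an added triage helper, not part of this report or of any sandbox; it takes the values from the Malware Config section (copied into EXTRACTED_CONFIG) and sorts them into indicators that are safe to act on and ones that are not, and turns the install/persistence/offline_keylogger flags into analyst notes. The default-port, default-ID and DC_MUTEX- prefix facts are practitioner knowledge about the DarkComet builder, not something the report states.

```python
"""Triage an extracted DarkComet config (added example, not sandbox output)."""
from dataclasses import dataclass
import ipaddress

# Known DarkComet builder defaults (practitioner knowledge, not from the report).
DARKCOMET_DEFAULT_PORT = 1604
DARKCOMET_DEFAULT_BOTNET = "Guest16"
DARKCOMET_MUTEX_PREFIX = "DC_MUTEX-"

# Values copied from the "Malware Config" section of this report.
EXTRACTED_CONFIG = {
    "family": "darkcomet",
    "botnet": "Guest16",
    "c2": ["127.0.0.1:1604"],
    "mutex": "DC_MUTEX-735QA2E",
    "gencode": "8JMyBMKmQSVq",
    "install": False,
    "offline_keylogger": True,
    "persistence": False,
}


@dataclass
class Indicator:
    kind: str        # "network" or "host"
    value: str
    actionable: bool  # False = do not block/hunt on this alone
    note: str


def parse_c2(entry: str) -> tuple[str, int]:
    """Split 'host:port' (rpartition so IPv6-style hosts with colons survive)."""
    host, _, port = entry.rpartition(":")
    return host, int(port)


def triage_config(cfg: dict) -> list[Indicator]:
    """Classify each config value as an actionable or non-actionable indicator."""
    out: list[Indicator] = []
    for entry in cfg.get("c2", []):
        host, port = parse_c2(entry)
        try:
            ip = ipaddress.ip_address(host)
            local = ip.is_loopback or ip.is_private
        except ValueError:          # hostname rather than a literal IP
            local = False
        notes = []
        if local:
            notes.append("loopback/private C2: builder default or test build, do not block")
        if port == DARKCOMET_DEFAULT_PORT:
            notes.append("default DarkComet port")
        out.append(Indicator("network", entry, not local, "; ".join(notes) or "candidate for blocklist"))

    mutex = cfg.get("mutex", "")
    if mutex.startswith(DARKCOMET_MUTEX_PREFIX):
        # The random suffix is per build, so the full mutex identifies this stub on a host.
        out.append(Indicator("host", mutex, True, "DarkComet mutex scheme; hunt for this exact name"))

    if cfg.get("botnet") == DARKCOMET_DEFAULT_BOTNET:
        out.append(Indicator("host", cfg["botnet"], False, "default campaign ID; not operator-specific"))
    return out


def capability_notes(cfg: dict) -> list[str]:
    """Turn the boolean build flags into what an analyst should expect on the host."""
    notes = []
    if not cfg.get("install") and not cfg.get("persistence"):
        notes.append("no install/persistence: runs from its launch path only, expect a loader or manual start")
    if cfg.get("offline_keylogger"):
        notes.append("offline keylogger on: keystrokes are logged to disk even with no C2 connectivity")
    return notes


if __name__ == "__main__":
    for ind in triage_config(EXTRACTED_CONFIG):
        flag = "ACTIONABLE" if ind.actionable else "context   "
        print(f"{flag} {ind.kind:7} {ind.value:22} {ind.note}")
    for line in capability_notes(EXTRACTED_CONFIG):
        print("note", line)
```

Feeding this config through it marks 127.0.0.1:1604 and Guest16 as context only and leaves DC_MUTEX-735QA2E as the one indicator worth hunting with; a config carrying a routable C2 host would instead be reported as actionable.
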
Targets

    • Target

      79af4a993bfc9345366b49fa184d0ccb_JaffaCakes118

    • Size

      894KB

    • MD5

      79af4a993bfc9345366b49fa184d0ccb

    • SHA1

      577f8a6df1d4f08201b98f24a46cc34ae34b9c94

    • SHA256

      28b82770a796d1752afcb5154cdfc2f5782dfa40adfd524c15a602930d7e3225

    • SHA512

      432345891e90de4aa18423fa2679ee5996a45b061d85ada7988b26fa66bf18c14308a2bf519f9261cfec54ab0fc14c05d17b995c09f9a9a7e488c8741bf91da3

    • SSDEEP

      12288:tkJoSJu4GDfxuJwGGZe3FWnGcx2bng0koeqzHC2yza8mmo2tAKPEZd/Z+7w8fA7H:6HJuxr8wG8+AnvoeOE79rw/CkXe+

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Suspicious use of SetThreadContext

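The "Suspicious use of SetThreadContext" signature fires because SetThreadContext is the step that redirects a suspended process's primary thread into a payload the loader has written into it (the RunPE / process-hollowing pattern DarkComet stubs are known for). The detection below is an added example in Python, not the sandbox's signature logic; it runs a small state machine over constructed API-trace lines in a made-up "pid Api(k=v, ...) -> ret" format, and only reports a hit when one parent creates a process with CREATE_SUSPENDED, writes into it, sets the context of its initial thread, and then resumes it. A lone SetThreadContext call (last trace line) is not reported. The trace text, the line format and the use of the child pid as the hProcess value are all constructed for the example; real traces carry handle values that have to be resolved first.

```python
"""Detect a suspended-process hollowing sequence in an API trace (added example)."""
import re

CREATE_SUSPENDED = 0x00000004

# Constructed trace lines (not sandbox output). Handles are written as the pid/tid
# they refer to, which a real trace would require resolving via the handle table.
SAMPLE_TRACE = """\
1234 CreateProcessW(lpApplicationName="C:\\Windows\\System32\\svchost.exe", dwCreationFlags=0x4) -> pid=5678 tid=5679
1234 NtUnmapViewOfSection(hProcess=5678, BaseAddress=0x400000) -> 0
1234 VirtualAllocEx(hProcess=5678, lpAddress=0x400000, dwSize=0xd000, flProtect=0x40) -> 0x400000
1234 WriteProcessMemory(hProcess=5678, lpBaseAddress=0x400000, nSize=0x400) -> 1
1234 WriteProcessMemory(hProcess=5678, lpBaseAddress=0x401000, nSize=0xc000) -> 1
1234 SetThreadContext(hThread=5679, Eax=0x40a1b0) -> 1
1234 ResumeThread(hThread=5679) -> 0
1234 SetThreadContext(hThread=1235, Eip=0x77a1c0de) -> 1
"""

LINE = re.compile(r"^(?P<pid>\d+) (?P<api>\w+)\((?P<args>.*)\) -> (?P<ret>.*)$")
KV = re.compile(r'(\w+)=("[^"]*"|0x[0-9a-fA-F]+|\d+)')


def _kv(text: str) -> dict:
    """Parse 'k=v, k=v' into a dict, stripping quotes from string values."""
    return {k: v.strip('"') for k, v in KV.findall(text)}


def _num(value, default=0) -> int:
    """Accept decimal or 0x-prefixed hex; missing or malformed values become default."""
    try:
        return int(value, 0)
    except (TypeError, ValueError):
        return default


def detect_runpe(trace: str) -> list[dict]:
    """Return one hit per child process that went suspended -> written -> context set -> resumed."""
    children: dict[int, dict] = {}   # child pid -> pending state
    tid_to_pid: dict[int, int] = {}  # initial thread id -> child pid
    hits: list[dict] = []
    for line in trace.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        pid, api = int(m["pid"]), m["api"]
        args, ret = _kv(m["args"]), _kv(m["ret"])

        if api.startswith("CreateProcess") and _num(args.get("dwCreationFlags")) & CREATE_SUSPENDED:
            child, tid = _num(ret.get("pid")), _num(ret.get("tid"))
            children[child] = {"parent": pid, "child": child, "tid": tid,
                               "image": args.get("lpApplicationName", "?"), "stages": set()}
            tid_to_pid[tid] = child
        elif api == "WriteProcessMemory":
            state = children.get(_num(args.get("hProcess")))
            if state:
                state["stages"].add("write")
        elif api == "SetThreadContext":
            state = children.get(tid_to_pid.get(_num(args.get("hThread"))))
            if state:
                state["stages"].add("context")
        elif api == "ResumeThread":
            state = children.get(tid_to_pid.get(_num(args.get("hThread"))))
            # Resuming a suspended child whose memory and entry point were both
            # replaced is the complete RunPE sequence; report it once.
            if state and {"write", "context"} <= state["stages"]:
                hits.append({k: state[k] for k in ("parent", "child", "image")})
                children.pop(state["child"])
    return hits


if __name__ == "__main__":
    for hit in detect_runpe(SAMPLE_TRACE):
        print(f"RunPE: pid {hit['parent']} hollowed pid {hit['child']} ({hit['image']})")
```

The sequence check is deliberately order-sensitive: a write after the resume, or a SetThreadContext on a thread the tracer never saw created suspended, does not count. That keeps debugger-style legitimate uses quiet but also means variants that start the payload with a new thread instead of redirecting the primary one need their own rule.
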
MITRE ATT&CK Enterprise v15

Tasks