General

  • Target

    7e39b75cfb9bf100c278d836f195c976_JaffaCakes118

  • Size

    235KB

  • Sample

    240731-2mpz2sxcmr

  • MD5

    7e39b75cfb9bf100c278d836f195c976

  • SHA1

    20371839ffc67e51c7098a559eb4e169eb7634d0

  • SHA256

    fc7b749f4b9d3e0a4778fa7d9c1294fe692d6904d14d9583682c344d80594d2a

  • SHA512

    88b4e8de71352a43ee31457955d7769dcd6926af3dfd4d857f44e4c8ad3df1da1e76bef4e66851dbc47be78bc1c4b4e1cca2b336e68a86e53ef605c18ca0a013

  • SSDEEP

    3072:iY/ygXnCQUYy9yxhjrSsplyU5iHquGbT47mJaCki/q/7NRgOYromMD8goZ9yz28q:iYLtU7Ixhnhz5TN6mJWd/7qMD8gmggf

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

themagician1970.no-ip.org:81

Mutex

DC_MUTEX-3UC1ZGZ

Attributes
  • InstallPath

    MSDCSC\msdcsc.exe

  • gencode

    1UzPYfvG7H1j

  • install

    true

  • offline_keylogger

    true

  • persistence

    true

  • reg_key

    MicroUpdate

Targets

    • Target

      7e39b75cfb9bf100c278d836f195c976_JaffaCakes118

    • Size

      235KB

    • MD5

      7e39b75cfb9bf100c278d836f195c976

    • SHA1

      20371839ffc67e51c7098a559eb4e169eb7634d0

    • SHA256

      fc7b749f4b9d3e0a4778fa7d9c1294fe692d6904d14d9583682c344d80594d2a

    • SHA512

      88b4e8de71352a43ee31457955d7769dcd6926af3dfd4d857f44e4c8ad3df1da1e76bef4e66851dbc47be78bc1c4b4e1cca2b336e68a86e53ef605c18ca0a013

    • SSDEEP

      3072:iY/ygXnCQUYy9yxhjrSsplyU5iHquGbT47mJaCki/q/7NRgOYromMD8goZ9yz28q:iYLtU7Ixhnhz5TN6mJWd/7qMD8gmggf

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Modifies WinLogon for persistence

    • Modifies firewall policy service

    • Windows security bypass

    • Sets file to hidden

      Sets the hidden attribute on the dropped file so it is not shown in Explorer or default directory listings.

    • Checks computer location settings

      Reads the country code configured in the registry, most likely to geofence execution to or away from particular regions.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
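The extracted configuration above (C2, mutex, install path, Run value name) and the behaviour signatures listed for this target can be turned into host-side detection logic. The Python below is an added example, not code from the report or from the sandbox vendor: it takes the report's DarkComet config verbatim, runs a constructed trace of sandbox-style events through it, and returns the signature labels each process triggers. The registry locations it checks (Run/RunOnce, Winlogon, the SharedAccess FirewallPolicy tree) are standard Windows paths, not something the report states DarkComet writes; the `Control Panel\International\Geo` key is an assumption about what "Checks computer location settings" reads; the install directory, the Winlogon value name and the benign events for pid 3000 are constructed for illustration.

```python
from __future__ import annotations

from dataclasses import dataclass
from typing import Iterable

# Configuration values extracted in the report above (verbatim).
DARKCOMET_CONFIG = {
    "c2": "themagician1970.no-ip.org:81",
    "mutex": "DC_MUTEX-3UC1ZGZ",
    "install_path": r"MSDCSC\msdcsc.exe",
    "reg_key": "MicroUpdate",
}

# Standard Windows registry locations behind the report's signature labels.
# General Windows facts; the report does not say which values DarkComet writes.
RUN_KEYS = (
    r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    r"SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce",
)
WINLOGON_KEY = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
FIREWALL_POLICY_KEY = r"Services\SharedAccess\Parameters\FirewallPolicy"
GEO_KEY = r"Control Panel\International\Geo"  # assumption: what a geofence check reads
FILE_ATTRIBUTE_HIDDEN = 0x2


@dataclass(frozen=True)
class Event:
    """One sandbox event. kind: process|file_attr|reg_set|reg_query|mutex|connect|api.
    target is the image/file/key/mutex/host:port/API name; value and data are
    the registry value name and data (or extra API context) where relevant."""
    kind: str
    pid: int
    target: str
    value: str = ""
    data: str = ""


def parse_c2(c2: str) -> tuple[str, int]:
    """Split a 'host:port' C2 string; raise ValueError on malformed input."""
    host, sep, port = c2.rpartition(":")
    if not sep or not host or not port.isdigit():
        raise ValueError(f"malformed C2 spec: {c2!r}")
    return host.lower(), int(port)


def _norm_key(path: str) -> str:
    """Upper-case a registry path and strip the hive so HKLM\\ and
    HKEY_LOCAL_MACHINE\\ spellings compare equal."""
    p = path.replace("/", "\\").upper()
    for hive in ("HKEY_LOCAL_MACHINE\\", "HKEY_CURRENT_USER\\", "HKLM\\", "HKCU\\"):
        if p.startswith(hive):
            return p[len(hive):]
    return p


def classify(ev: Event, config: dict[str, str]) -> set[str]:
    """Return the report-style signature labels a single event triggers."""
    hits: set[str] = set()
    install = config["install_path"].lower()
    if ev.kind == "process" and ev.target.lower().endswith(install):
        hits.add("Executes dropped EXE")
    elif ev.kind == "file_attr":
        if int(ev.data, 0) & FILE_ATTRIBUTE_HIDDEN and ev.target.lower().endswith(install):
            hits.add("Sets file to hidden")
    elif ev.kind == "reg_set":
        key = _norm_key(ev.target)
        if any(key.endswith(_norm_key(k)) for k in RUN_KEYS) and ev.value.lower() == config["reg_key"].lower():
            hits.add("Adds Run key to start application")
        if key.endswith(_norm_key(WINLOGON_KEY)):
            hits.add("Modifies WinLogon for persistence")
        if _norm_key(FIREWALL_POLICY_KEY) in key:
            hits.add("Modifies firewall policy service")
    elif ev.kind == "reg_query" and _norm_key(GEO_KEY) in _norm_key(ev.target):
        hits.add("Checks computer location settings")
    elif ev.kind == "mutex" and ev.target == config["mutex"]:
        hits.add("Creates DarkComet mutex")
    elif ev.kind == "connect" and parse_c2(ev.target) == parse_c2(config["c2"]):
        hits.add("Connects to configured C2")
    elif ev.kind == "api" and ev.target == "SetThreadContext" and ev.value != str(ev.pid):
        # value holds the pid owning the thread handle (constructed field); a
        # cross-process SetThreadContext is the classic hollowing/injection tell
        hits.add("Suspicious use of SetThreadContext")
    return hits


def scan(events: Iterable[Event], config: dict[str, str]) -> dict[str, set[int]]:
    """Aggregate hits over a trace: label -> set of pids responsible."""
    hits: dict[str, set[int]] = {}
    for ev in events:
        for label in classify(ev, config):
            hits.setdefault(label, set()).add(ev.pid)
    return hits


# Constructed trace of a DarkComet-like install chain (pid 2000) plus two benign
# events (pid 3000). Paths and value names are illustrative, not from the report.
DROPPED = r"C:\Users\victim\Documents\MSDCSC\msdcsc.exe"
SAMPLE_EVENTS = [
    Event("process", 2000, DROPPED),
    Event("file_attr", 2000, DROPPED, data="0x2"),
    Event("reg_set", 2000, r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run", "MicroUpdate", DROPPED),
    Event("reg_set", 2000, r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon", "UserInit",
          r"C:\Windows\system32\userinit.exe," + DROPPED),
    Event("reg_set", 2000, r"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile",
          "EnableFirewall", "0"),
    Event("reg_query", 2000, r"HKCU\Control Panel\International\Geo", "Nation"),
    Event("mutex", 2000, "DC_MUTEX-3UC1ZGZ"),
    Event("connect", 2000, "themagician1970.no-ip.org:81"),
    Event("api", 2000, "SetThreadContext", value="2001"),
    Event("reg_set", 3000, r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run", "OneDrive",
          r"C:\Users\victim\AppData\Local\Microsoft\OneDrive\OneDrive.exe"),
    Event("connect", 3000, "update.example.com:443"),
]

if __name__ == "__main__":
    for label, pids in sorted(scan(SAMPLE_EVENTS, DARKCOMET_CONFIG).items()):
        print(f"{label:40s} pids={sorted(pids)}")
```

Matching the Run value name against the config's `reg_key` rather than flagging every Run-key write is what keeps the benign OneDrive entry out of the results; on a real host the same functions can be fed Sysmon registry, file and network events once they are mapped onto `Event`.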

MITRE ATT&CK Enterprise v15
