General

  • Target

    7abce059de0e670f62c2f54a17b1b608_JaffaCakes118

  • Size

    341KB

  • Sample

    240731-bqkavstcjf

  • MD5

    7abce059de0e670f62c2f54a17b1b608

  • SHA1

    11dfefbf4b7ebf5a782306f01767db1dccc2ff47

  • SHA256

    ae0f609a73fa287f0f63069b6b4c2d9a2ba6d41619bdab1b2f26930de4247fcc

  • SHA512

    1dd14672c90822eb87ad6f7122d5ffaf19f5a58c0d4c6166498b16d3e3b82e3642abc3c247d9436ace98942b656155bbb150062721099909b13ca4eb41114f23

  • SSDEEP

    6144:gyWABddALAHX4E/+NexHRJH9aEULwv9mpR+niWItgF8Yr6m:gqdWio/NmHrHMEUL3/IFLr6m

Malware Config

Extracted

  • Family

    darkcomet

  • Botnet

    Guest16

  • C2

    109.167.96.17:1604

  • Mutex

    DC_MUTEX-F54S21D

Attributes

  • gencode

    uv4QTrck2i1B

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Targets

    • Target

      7abce059de0e670f62c2f54a17b1b608_JaffaCakes118

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Modifies firewall policy service

    • Modifies security service

    • Windows security bypass

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Windows security modification

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks