General

  • Target

    7b7e6897d405f41094508551477206c4_JaffaCakes118

  • Size

    728KB

  • Sample

    240731-grlg7szejl

  • MD5

    7b7e6897d405f41094508551477206c4

  • SHA1

    72368a864f7a5df7f694faecf78eba52a4d24a46

  • SHA256

    a858651b8cd66f203193a8cddc4163d6a0cf75afab7b4c5a6a554588295e9142

  • SHA512

    e5bed87dc39dec0cd8d847987cf1b5c6e63e3098cc5df9df8a58b56fb94f4d3925615585f71c755a30c468ffff18bcb4a639c6c50ca4b298452ac65f7e10776d

  • SSDEEP

    12288:jHMlozJlUnRmBTW9AVBp25nW3XxNeASo631QQqq+4xx9C+0MGc0fw5n4x7D9A:jHjlU4B/VHMWnqkKZcZ/DO

Malware Config

Extracted

  • Family

    darkcomet

  • Botnet

    Guest16

  • C2

    darkcon.zapto.org:512

  • Mutex

    DC_MUTEX-F54S21D

  • Attributes

    • gencode

      EyfM4iNxatbr

    • install

      false

    • offline_keylogger

      true

    • persistence

      false

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks