General

  • Target

    7cfc2e8592972337a1a0b83343021e58_JaffaCakes118

  • Size

    687KB

  • Sample

    240731-s4qs8s1cnr

  • MD5

    7cfc2e8592972337a1a0b83343021e58

  • SHA1

    b21a87a45c71b5ceb4baee6677aab56ff3121dcb

  • SHA256

    c31db88d84c7354d133632b9f8353be4b2c72c3a6afbd96bbea7c375c54b2edb

  • SHA512

    0ec101287b7ec11f00e4540a024afd1553804fa2bcfab7cc148d1ce2abd6a3556078722b7bc0abe3e7d2b58a8e57295f9b20c4748f497771a7e7072833c67800

  • SSDEEP

    12288:wHU5IQOEPuR1jxV+9AtjyHzv1BUceUdCV9+rC3t/rZgVdocRJy9mn58Wxp3kVchg:wHU5VOEP0r1tqMQQVMrCtGYIJq8JMVc6

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

gharibb5.no-ip.biz:100

Mutex

DC_MUTEX-S6HBPMU

Attributes
  • gencode

    8KrEytga6ZnT

  • install

    false

  • offline_keylogger

    true

  • persistence

    false
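
Added example (not part of the sandbox report, and not DarkComet or the sandbox's own code): a short Python script that turns the extracted config above into hunting indicators and runs them over a few constructed log lines. It parses the page's "heading / value" layout as embedded text, splits the C2 entry into host and port (accepting a '|'-separated list is an assumption; the page shows one entry), checks the mutex against the DC_MUTEX-<7 upper-case alphanumerics> shape the sample's DC_MUTEX-S6HBPMU exhibits, and flags DNS lookups of the C2 host and Run-key writes. The Run-key check is included because the signatures below report a Run key being added even though the config's persistence flag reads false. The DNS and registry lines, including the hostnames other than the C2 and the value name "Updater", are constructed for illustration.

```python
"""Turn the extracted DarkComet config into hunting indicators (added example)."""
import re

# The config block as it appears on the page, embedded so this runs offline.
REPORT_CONFIG = """\
Family

darkcomet

Botnet

Guest16

C2

gharibb5.no-ip.biz:100

Mutex

DC_MUTEX-S6HBPMU

Attributes
  • gencode

    8KrEytga6ZnT

  • install

    false

  • offline_keylogger

    true

  • persistence

    false
"""

# DarkComet instance mutex shape: DC_MUTEX- followed by 7 upper-case alphanumerics.
MUTEX_RE = re.compile(r"^DC_MUTEX-[A-Z0-9]{7}$")

# Writes under HKCU/HKU ...\CurrentVersion\Run or RunOnce (matches the
# "Adds Run key to start application" signature generically).
RUN_KEY_RE = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)


def parse_config(text):
    """Parse the page's 'Heading / blank / value' layout into a dict.

    Attribute bullets ("• name" followed by a value line) are folded into
    cfg['attributes']; top-level headings are lower-cased keys.
    """
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    cfg, attrs = {}, {}
    i = 0
    while i < len(lines):
        key = lines[i]
        if key == "Attributes":          # heading with no value of its own
            i += 1
            continue
        if key.startswith("•"):          # attribute bullet: name, then value
            attrs[key.lstrip("• ").strip()] = lines[i + 1]
            i += 2
            continue
        cfg[key.lower()] = lines[i + 1]  # Family / Botnet / C2 / Mutex
        i += 2
    cfg["attributes"] = attrs
    return cfg


def iocs_from_config(cfg):
    """Split C2 into host/port, validate the mutex shape, return an IOC record."""
    c2s = []
    # Assumption: several C2 entries may be '|'-separated; the page shows one.
    for entry in cfg["c2"].split("|"):
        host, _, port = entry.strip().rpartition(":")
        c2s.append({"host": host.lower(), "port": int(port)})
    mutex = cfg["mutex"]
    return {
        "family": cfg["family"],
        "botnet": cfg["botnet"],
        "c2": c2s,
        "mutex": mutex,
        "mutex_matches_darkcomet_shape": bool(MUTEX_RE.match(mutex)),
        "persistence_claimed": cfg["attributes"].get("persistence") == "true",
    }


# Constructed log lines (not from the report); one hit of each kind is planted.
DNS_LOG = [
    "2024-07-31T10:01:02Z host1 query A www.example.com",
    "2024-07-31T10:01:09Z host7 query A GHARIBB5.no-ip.biz",
    "2024-07-31T10:02:11Z host3 query A updates.example.org",
]
REG_LOG = [
    r"EventID=13 Image=C:\Windows\explorer.exe TargetObject=HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
    r"EventID=13 Image=C:\Users\u\AppData\Local\Temp\svchost.exe TargetObject=HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
]


def hunt(iocs, dns_lines, reg_lines):
    """Return DNS lookups of any C2 host (case-insensitive) and Run-key writes."""
    hosts = {c["host"] for c in iocs["c2"]}
    dns_hits = [l for l in dns_lines if l.split()[-1].lower() in hosts]
    run_hits = [l for l in reg_lines if RUN_KEY_RE.search(l)]
    return {"dns_hits": dns_hits, "run_key_hits": run_hits}


if __name__ == "__main__":
    iocs = iocs_from_config(parse_config(REPORT_CONFIG))
    print(iocs)
    print(hunt(iocs, DNS_LOG, REG_LOG))
```

Matching on the hostname rather than the resolved address is deliberate: no-ip.biz is a dynamic-DNS service, so the address behind gharibb5.no-ip.biz can change while the name stays a usable indicator. The mutex is only observable on-host (for example via a live handle enumeration or a memory image), so it is reported here as a validated indicator rather than matched against the constructed logs.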

Targets

    • Target

      7cfc2e8592972337a1a0b83343021e58_JaffaCakes118


    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks