General

  • Target

    7d6816ca8761c9611542c326105efbbf_JaffaCakes118

  • Size

    708KB

  • Sample

    240731-wk1qwa1cnh

  • MD5

    7d6816ca8761c9611542c326105efbbf

  • SHA1

    8ad553cd6ee105cf6050b8017ecf88319fc4ff8c

  • SHA256

    f37dc2aab4817b85c6b2caf9c5ed0790d4613fd9248207c7c37270c13aafed4c

  • SHA512

    3d62ec55922034b43828ad2232b89b72db0a08af7bcff1047ed27c6174f18ddb6e76f7433584e02e548abcdd2eb77d143ef8d3dce744fc18d667a2d85764b853

  • SSDEEP

    12288:GkgiBS7Q7MKrOtxf+zbp6+rZg5vqxsIM3Ep5DPEL1Corj5pRXQhYuRv86:ZV8U7MVxIFbZgpqfR5o3j5PACyj

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

mynet.m3th.org:8745

Mutex

DC_MUTEX-2AE3ZR7

Attributes

  • gencode

    MRTgxCEg0e7q

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Targets

    • Target

      7d6816ca8761c9611542c326105efbbf_JaffaCakes118

    • Size

      708KB

    • MD5

      7d6816ca8761c9611542c326105efbbf

    • SHA1

      8ad553cd6ee105cf6050b8017ecf88319fc4ff8c

    • SHA256

      f37dc2aab4817b85c6b2caf9c5ed0790d4613fd9248207c7c37270c13aafed4c

    • SHA512

      3d62ec55922034b43828ad2232b89b72db0a08af7bcff1047ed27c6174f18ddb6e76f7433584e02e548abcdd2eb77d143ef8d3dce744fc18d667a2d85764b853

    • SSDEEP

      12288:GkgiBS7Q7MKrOtxf+zbp6+rZg5vqxsIM3Ep5DPEL1Corj5pRXQhYuRv86:ZV8U7MVxIFbZgpqfR5o3j5PACyj

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks