General

  • Target

    7eeef1990b0a4af6b465c10a86880b66_JaffaCakes118

  • Size

    384KB

  • Sample

    240801-dhr2vashlh

  • MD5

    7eeef1990b0a4af6b465c10a86880b66

  • SHA1

    b4f69cb08bcd395a2c7bce52a61e13d78ee6fd8c

  • SHA256

    50468539cb23b07d310e2a1de807662e57715bd844d6d2aa3be7d7fac7b87f01

  • SHA512

    3f4035d9f663d7812ead85960028bd25402e8667335353ae8f49cda35db6785c9e907f0efdd6286c2d38522569f9f982c7c43f3c170cfebac747e6e3cb242af3

  • SSDEEP

    6144:gT+zyLfDv+c5yhqNM/s6OL06yVn61oTdWfOgXGebZM/EWhx+DHGnxZ:gT+zeDVAhqIzWwuoTLgXhVM/EK4Dmj

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

127.0.0.1:1604

Mutex

DC_MUTEX-F54S21D

Attributes

  • gencode

    pYHN7iXDsAb9

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Targets

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

  • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks