General

  • Target

    7f347b9079914e2b786f23e9b9778e53_JaffaCakes118

  • Size

    892KB

  • Sample

    240801-fa4f1ssdnr

  • MD5

    7f347b9079914e2b786f23e9b9778e53

  • SHA1

    06668dbc349c609edfe39711eaf05fd93ce7ba24

  • SHA256

    b5b828946c3eaf9ba32f9ac9d954e2cc9795bd5d21881f91e661fd9133d64ce9

  • SHA512

    1fc2df8e34e41a0ed4652431614852639834da63e932e0a1aa87d56f5e094341c6baf97586ae718eff48cdaa51e2c46f158df8ffa73426c8fdebc7cb3e72ae11

  • SSDEEP

    12288:zw5wNzoYqZtfEJRplx8Y1tcDiYifuMPcWTb0vLwySQ5xH:zBGYkfGzVcDiYimM0DLwySQf

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

127.0.0.1:1604

Mutex

DC_MUTEX-F54S21D

Attributes
  • gencode

    Nl2fmspeVP53

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Targets

    • Target

      7f347b9079914e2b786f23e9b9778e53_JaffaCakes118

    • Size

      892KB

    • MD5

      7f347b9079914e2b786f23e9b9778e53

    • SHA1

      06668dbc349c609edfe39711eaf05fd93ce7ba24

    • SHA256

      b5b828946c3eaf9ba32f9ac9d954e2cc9795bd5d21881f91e661fd9133d64ce9

    • SHA512

      1fc2df8e34e41a0ed4652431614852639834da63e932e0a1aa87d56f5e094341c6baf97586ae718eff48cdaa51e2c46f158df8ffa73426c8fdebc7cb3e72ae11

    • SSDEEP

      12288:zw5wNzoYqZtfEJRplx8Y1tcDiYifuMPcWTb0vLwySQ5xH:zBGYkfGzVcDiYimM0DLwySQf

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks