General

  • Target: 7f677399f0407c5793702d568ba49330_JaffaCakes118
  • Size: 260KB
  • Sample: 240801-gnb5csvgnk
  • MD5: 7f677399f0407c5793702d568ba49330
  • SHA1: 5bd829e9560da9ebfa9cd7f3e22cc0a7dbbac156
  • SHA256: 2d39b0d863865516d251b61ce3ca28faba474914083b61e1be42c6d98473da73
  • SHA512: 6d193be8cf6063a5345420994ee4892391e46e95824ac98c90c9bd05ef50e462bb484ff329ab865cea8d7e8b7c881140703c2ebcdd0befe535ac803c70f5364f
  • SSDEEP: 6144:m68OfwwAzqLhuHAUAD4qMKAHOC6SfUsx5sCTFSjiiEicrAuiTkt:m7zYMuGSSpxeC5SDEpsA

Malware Config

Extracted

  • Family: darkcomet
  • Botnet: Guest16
  • C2: 127.0.0.1:1604
  • Mutex: DC_MUTEX-F50HT52
  • Attributes
    • gencode: C74KBqtxPbqB
    • install: false
    • offline_keylogger: true
    • persistence: false

Targets

    • Target: 7f677399f0407c5793702d568ba49330_JaffaCakes118

    • Darkcomet: DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
    • UPX packed file: Detects executables packed with UPX/modified UPX open source packer.
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks