General

  • Target

    807db56ebe8ed9ccbcc7f74e531d3031_JaffaCakes118

  • Size

    532KB

  • Sample

    240801-pjnatsvclh

  • MD5

    807db56ebe8ed9ccbcc7f74e531d3031

  • SHA1

    2e7578b9e9f0cc87dba222f23c93ed792a39c4c1

  • SHA256

    f7ee8851507a15aba2a9b9cbfb46e5a4aaa70c900c496409a79433ddeb9fbe29

  • SHA512

    3ef37f25d8a380af75c4222acbb3c1d4c5ec8925f2207cd642cfc49b7ca17fd7ad7c05fd2b9618a0c964f81d272db6d697c84644ff57a1aa10b46d3b42ac31ab

  • SSDEEP

    12288:neJMKa8NSOGmIq1SFToJJhvdv/z1gzF9zZijkiT9+:e+KaMSO6qMFTibBL152

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

drgh.no-ip.biz:1604

Mutex

DC_MUTEX-JRUALJP

Attributes
  • gencode

    z4pSQ6YBTt5f

  • install

    false

  • offline_keylogger

    true

  • password

    0123456789

  • persistence

    false

Targets

    • Target

      807db56ebe8ed9ccbcc7f74e531d3031_JaffaCakes118

    • Size

      532KB

    • MD5

      807db56ebe8ed9ccbcc7f74e531d3031

    • SHA1

      2e7578b9e9f0cc87dba222f23c93ed792a39c4c1

    • SHA256

      f7ee8851507a15aba2a9b9cbfb46e5a4aaa70c900c496409a79433ddeb9fbe29

    • SHA512

      3ef37f25d8a380af75c4222acbb3c1d4c5ec8925f2207cd642cfc49b7ca17fd7ad7c05fd2b9618a0c964f81d272db6d697c84644ff57a1aa10b46d3b42ac31ab

    • SSDEEP

      12288:neJMKa8NSOGmIq1SFToJJhvdv/z1gzF9zZijkiT9+:e+KaMSO6qMFTibBL152

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Program crash

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks