General

  • Target

    82d70437c1f62160cd4285876fbb37ff_JaffaCakes118

  • Size

    310KB

  • Sample

    240802-dtfsysxfkd

  • MD5

    82d70437c1f62160cd4285876fbb37ff

  • SHA1

    7359a23f907c57415041b294e67b68d00bc6a129

  • SHA256

    a3cad1520518d81cc9fa70b22a836f50f639dbb8596e21ed70136158e8d47701

  • SHA512

    98b46781f2adb890ab31b442c755e445fbaeac50dd7ad4e80fa9b344e5af500b8788d4db40d4e5af3fcf1b96f9dd67873bf68cf026fb3b131d4d083a458318b5

  • SSDEEP

    6144:nD7cY2fgssM7Wirg9KXylmRiL+QMeC/i6isqX7UovnONztByipwxZkXittZn1UYM:nl8E4w5huat7UovONzbXwoXIFU9

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

brhoom1406.no-ip.org:1604

Mutex

DC_MUTEX-UN78W0H

Attributes

  • InstallPath

    MSDCSC\msdcsc.exe

  • gencode

    UYbJQb0Dj7V3

  • install

    true

  • offline_keylogger

    true

  • password

    0566699323

  • persistence

    false

  • reg_key

    MicroUpdate

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Modifies WinLogon for persistence

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
