General

  • Target

    8399e22a618497da4fb73205fdecebcd_JaffaCakes118

  • Size

    644KB

  • Sample

    240809-z9pxfszcpr

  • MD5

    8399e22a618497da4fb73205fdecebcd

  • SHA1

    7ead998adc1969b7917195e76188bbce7f1c6f4a

  • SHA256

    022e216bc025cf6c4dd9b478f81bf6290b933ec78488696f7a9b88199d7739a0

  • SHA512

    3e5de840115b3c33dc1b384d3353a8ac933259836cd83c1333e71dde3e6c08a69cd91134903c12ad40b44356c60cbdc077f5fbecc16d43c17cb386dd48becf05

  • SSDEEP

    12288:IJdTK+HwbCV94hNQNxfKnvHz50gOVyajK1TTHEB18GmWjApG:IJTh/svHCg2yaSTHq8Pt8

Malware Config

Extracted

  • Family

    darkcomet

  • Botnet

    Guest16

  • C2

    mw2511.no-ip.info:1604

  • Mutex

    DC_MUTEX-TC9QD01

Attributes

  • InstallPath

    MSDCSC\msdcsc.exe

  • gencode

    kWFty2jHXpbm

  • install

    true

  • offline_keylogger

    true

  • persistence

    false

  • reg_key

    MicroUpdate

Targets

    • Target

      8399e22a618497da4fb73205fdecebcd_JaffaCakes118

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Modifies WinLogon for persistence

    • Modifies firewall policy service

    • Modifies security service

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15