General

  • Target

    8881fad4ef99916951b8a005c92cfa39_JaffaCakes118

  • Size

    451KB

  • Sample

    240811-b4waaaygnr

  • MD5

    8881fad4ef99916951b8a005c92cfa39

  • SHA1

    22d3aaef5f6fbefa437df3f85f5958e20826a5aa

  • SHA256

    8c0e0467053925ee76dbe1ce21f808bc79d41266d45a97a1a74048b2c9a92369

  • SHA512

    564740b4d505e78da919efd514441ef15fb12b5b26adb958bc15d23bdae1e0609ed4a32b48fad8b462a6440ad97eb3f23aa7b22e8166ecc447a52197a8b7bff4

  • SSDEEP

    12288:RHmssKcYTCZRKVWzfaqVMzA+0fBjjxLal7MzQ5T4Fa:RdWYTCZ8VWzfalif1xLalQAJ

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

127.0.0.1:1604 (loopback address; 1604 is DarkComet's default port, so this configuration cannot reach a remote controller as extracted)

Mutex

DC_MUTEX-ZWHUFNS

Attributes
  • gencode

    EFeEV4Lastcu

  • install

    false

  • offline_keylogger

    true

  • persistence

    false
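The fields above are what a config extractor recovers from the DarkComet build's DCDATA resource. The following is an added example, not part of this report or of any extractor the sandbox uses: it RC4-decrypts a DarkComet-style config blob with the version-specific keys published in open-source DarkComet decoders, parses the `KEY={value}` lines, and maps them onto the attribute names used in this report. Assumptions (verify against your own sample): the key list, the `#BEGIN DARKCOMET DATA --` header, the config key names (`SID`, `NETDATA`, `MUTEX`, `GENCODE`, `INSTALL`, `OFFLINEK`, `PERS`), and that real DCDATA resources carry the ciphertext hex-encoded. The input blob is constructed inline from the values on this page and is not the sample's actual resource.

```python
# Added example: recover DarkComet config fields from a DCDATA-style blob.
# Not code from the sandbox or from DarkComet; assumptions are noted inline.
import binascii
import re

# Assumption: RC4 keys as listed in public DarkComet config decoders.
DARKCOMET_RC4_KEYS = {
    "5.1": b"#KCMDDC51#-890",
    "5.0": b"#KCMDDC5#-890",
    "4.2f": b"#KCMDDC42F#-890",
    "4.2": b"#KCMDDC42#-890",
    "2.x/3.x": b"#KCMDDC2#-890",
}
CONFIG_HEADER = b"#BEGIN DARKCOMET DATA --"  # assumption: plaintext marker

# Assumption: DarkComet config key -> attribute name used in this report.
FIELD_MAP = {
    "SID": "botnet", "NETDATA": "c2", "MUTEX": "mutex", "GENCODE": "gencode",
    "INSTALL": "install", "OFFLINEK": "offline_keylogger", "PERS": "persistence",
}
BOOL_FIELDS = {"install", "offline_keylogger", "persistence"}


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA + PRGA). Symmetric: the same call encrypts and decrypts."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def decrypt_dcdata(blob: bytes):
    """Try raw and hex-decoded input against every known key; accept the one
    whose plaintext starts with the config header. Returns (version, plaintext)."""
    candidates = [blob]
    stripped = blob.strip()
    if stripped and len(stripped) % 2 == 0 and all(c in b"0123456789abcdefABCDEF" for c in stripped):
        candidates.append(binascii.unhexlify(stripped))  # assumption: hex-encoded resource
    for data in candidates:
        for version, key in DARKCOMET_RC4_KEYS.items():
            plain = rc4(key, data)
            if plain.startswith(CONFIG_HEADER):
                return version, plain
    return None, None


def parse_config(plain: bytes) -> dict:
    """Turn KEY={value} lines into the report's attribute dict; '1'/'0' become bools."""
    cfg = {}
    for m in re.finditer(rb"^([A-Z0-9]+)=\{(.*?)\}\s*$", plain, re.M):
        name = FIELD_MAP.get(m.group(1).decode())
        if name is None:
            continue  # keys not shown in the report (FWB, FTP*, ...) are skipped
        value = m.group(2).decode("latin-1")
        cfg[name] = (value == "1") if name in BOOL_FIELDS else value
    return cfg


def extract(blob: bytes) -> dict:
    version, plain = decrypt_dcdata(blob)
    if plain is None:
        raise ValueError("no known DarkComet key decrypted this blob")
    cfg = parse_config(plain)
    cfg["version"] = version
    return cfg


def c2_is_loopback(c2: str) -> bool:
    """Caveat check: a 127.0.0.0/8 C2 never reaches a real controller."""
    return c2.rsplit(":", 1)[0].startswith("127.")


# Constructed sample plaintext mirroring this report's values (not the real resource).
SAMPLE_PLAINTEXT = b"\r\n".join([
    b"#BEGIN DARKCOMET DATA --", b"MUTEX={DC_MUTEX-ZWHUFNS}", b"SID={Guest16}",
    b"FWB={0}", b"NETDATA={127.0.0.1:1604}", b"GENCODE={EFeEV4Lastcu}",
    b"INSTALL={0}", b"PERS={0}", b"OFFLINEK={1}", b"#EOF DARKCOMET DATA --",
])
# Encrypted with the 5.1 key so extract() has a realistic ciphertext to recover.
SAMPLE_BLOB = rc4(DARKCOMET_RC4_KEYS["5.1"], SAMPLE_PLAINTEXT)

if __name__ == "__main__":
    result = extract(SAMPLE_BLOB)
    for k, v in result.items():
        print(f"{k}: {v}")
    if c2_is_loopback(result["c2"]):
        print("note: C2 is loopback; this build will not beacon anywhere")
```

Trying every key and accepting only the plaintext that begins with the header is what makes the routine version-agnostic; RC4 with the wrong key silently returns garbage, so the header check is the only signal that decryption succeeded.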

Targets

    • Target

      8881fad4ef99916951b8a005c92cfa39_JaffaCakes118

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Suspicious use of SetThreadContext (a pattern consistent with process hollowing / RunPE-style injection, where a suspended process's thread context is rewritten to run attacker-supplied code)

MITRE ATT&CK Enterprise v15

Tasks