General

  • Target

    897bac2ec0b4a05efa4cb40c86308325_JaffaCakes118

  • Size

    526KB

  • Sample

    240811-h4z2sszfqk

  • MD5

    897bac2ec0b4a05efa4cb40c86308325

  • SHA1

    84c835b97e27f9b3960a585290fa48456785eaf8

  • SHA256

    7692e809bada2d60b1c696836268a1fca2cadb7aca9d455d2425968307f0beb7

  • SHA512

    1a768a73eccfcb8f32a7854e242ce331b531d5623ad2e0dfbd059bacc98232f90da080d80fa0f19268f1e75288f8619a9ea25c8a8ca6f4093ce194b1294bb30f

  • SSDEEP

    6144:lOKu7aMfaoa1tNVzgbJuUGvhV6uWCxhFSB5K:lPu7aj1tNrlhVDDhFSB5

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

127.0.0.1:1604

Mutex

DC_MUTEX-PDCTFY1

Attributes
  • gencode

    14ztnvlhgltf

  • install

    false

  • offline_keylogger

    true

  • persistence

    false
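
The config above is what a DarkComet extractor pulls out of the binary's own resource section. The loopback C2 (127.0.0.1:1604) together with the ID Guest16 is what the DarkComet builder ships by default, so this build appears never to have been pointed at a real server. As an added worked example, not code from this report or from DarkComet, the script below decrypts and parses such a config and normalises it to the attribute names used above. It assumes (labelled in the code) that DarkComet 5.x stores the config in an RCDATA resource named DCDATA, RC4-encrypted under the static key "#KCMDDC51#-890", as a "KEY={value}" list bracketed by "#BEGIN DARKCOMET DATA --" / "#EOF DARKCOMET DATA --"; the encrypted blob is constructed inline from a sample plaintext mirroring the values on this page, so it runs offline.

```python
"""Decrypt and parse a DarkComet 5.x-style configuration blob.

Added example; not code from the sandbox report or the DarkComet project.
Assumptions: the config lives in an RCDATA resource named DCDATA, RC4
under the static key below, plaintext is "KEY={value}" lines between
"#BEGIN DARKCOMET DATA --" and "#EOF DARKCOMET DATA --".
"""
import re

DC51_KEY = b"#KCMDDC51#-890"  # assumed static RC4 key for DarkComet 5.1 builds

# DarkComet's own field names -> the attribute names used in the report above.
FIELD_MAP = {
    "SID": "botnet",
    "NETDATA": "c2",
    "MUTEX": "mutex",
    "GENCODE": "gencode",
    "INSTALL": "install",
    "OFFLINEK": "offline_keylogger",
    "PERSINST": "persistence",
}
BOOL_FIELDS = {"install", "offline_keylogger", "persistence"}


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA + PRGA); symmetric, so it encrypts and decrypts."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(byte ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def parse_dcdata(plaintext: bytes) -> dict:
    """Parse 'KEY={value}' lines; fail loudly if the markers are absent
    (wrong key, wrong version, or not a DCDATA resource at all)."""
    text = plaintext.decode("latin-1")
    if "#BEGIN DARKCOMET DATA" not in text or "#EOF DARKCOMET DATA" not in text:
        raise ValueError("not a DarkComet config: markers missing after decryption")
    return dict(re.findall(r"^([A-Z0-9]+)=\{(.*?)\}\s*$", text, re.M))


def extract_config(blob: bytes, key: bytes = DC51_KEY) -> dict:
    """Decrypt a DCDATA blob and map it to the report's attribute names."""
    raw = parse_dcdata(rc4(key, blob))
    cfg = {}
    for dc_name, out_name in FIELD_MAP.items():
        if dc_name not in raw:
            continue
        val = raw[dc_name]
        cfg[out_name] = (val == "1") if out_name in BOOL_FIELDS else val
    # A loopback C2 means the builder default was never changed: the
    # sample cannot phone home and is most likely a test build.
    host = cfg.get("c2", "").rsplit(":", 1)[0]
    cfg["c2_is_loopback"] = host in ("127.0.0.1", "localhost")
    return cfg


# Constructed sample plaintext; values mirror the extracted config above.
_SAMPLE_PLAINTEXT = (
    b"#BEGIN DARKCOMET DATA --\r\n"
    b"MUTEX={DC_MUTEX-PDCTFY1}\r\n"
    b"SID={Guest16}\r\n"
    b"FWB={0}\r\n"
    b"NETDATA={127.0.0.1:1604}\r\n"
    b"GENCODE={14ztnvlhgltf}\r\n"
    b"INSTALL={0}\r\n"
    b"PERSINST={0}\r\n"
    b"OFFLINEK={1}\r\n"
    b"#EOF DARKCOMET DATA --\r\n"
)
# What the DCDATA resource would hold for that plaintext (constructed here).
SAMPLE_BLOB = rc4(DC51_KEY, _SAMPLE_PLAINTEXT)

if __name__ == "__main__":
    for name, value in extract_config(SAMPLE_BLOB).items():
        print(f"{name:18} {value}")
```

On a real sample, read the DCDATA resource out of the PE (for example with pefile) and pass its bytes to extract_config; if decryption yields no markers, try the keys for other DarkComet versions before concluding the resource is something else.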

Targets

    • Target

      897bac2ec0b4a05efa4cb40c86308325_JaffaCakes118

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX build.

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks