General

  • Target

    8b30c499eaed4ad619c1662029560df8_JaffaCakes118

  • Size

    2.1MB

  • Sample

    240811-vf3h8ssgjh

  • MD5

    8b30c499eaed4ad619c1662029560df8

  • SHA1

    a58c9c4517653d76f9bf782367bc6b650e6ba1f1

  • SHA256

    6c1e71d8911cb2a9443171f38282090d9732404e7b34724f10356c7f51de7f62

  • SHA512

    c97458a5665f7f62074fcf0f69c9e83403f54e94b606deec11c18c65abb7cf68d7e5e673ad70ce1efcee2c2622278cd3cbea450217139d35953d71a3f73cd56f

  • SSDEEP

    49152:82/TQc0kxannkOtRN2NwwyYFFJfn9yNVf/Gk:82akAnbRYNTVtfkV3N

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

24.146.156.183:1604

Mutex

DC_MUTEX-KG3ESDK

Attributes

  • InstallPath

    WindowsServerMSDCSC\msdcsc.exe

  • gencode

    ZnkbUqZvQNoh

  • install

    true

  • offline_keylogger

    true

  • persistence

    true

  • reg_key

    MicroUpdate

Targets

    • Target

      8b30c499eaed4ad619c1662029560df8_JaffaCakes118

    • Size

      2.1MB

    • MD5

      8b30c499eaed4ad619c1662029560df8

    • SHA1

      a58c9c4517653d76f9bf782367bc6b650e6ba1f1

    • SHA256

      6c1e71d8911cb2a9443171f38282090d9732404e7b34724f10356c7f51de7f62

    • SHA512

      c97458a5665f7f62074fcf0f69c9e83403f54e94b606deec11c18c65abb7cf68d7e5e673ad70ce1efcee2c2622278cd3cbea450217139d35953d71a3f73cd56f

    • SSDEEP

      49152:82/TQc0kxannkOtRN2NwwyYFFJfn9yNVf/Gk:82akAnbRYNTVtfkV3N

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Modifies WinLogon for persistence

    • Disables Task Manager via registry modification

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15