General

  • Target

    8ba73e50e6ade28e72f395b398fb74c3_JaffaCakes118

  • Size

    450KB

  • Sample

    240811-x265natfjk

  • MD5

    8ba73e50e6ade28e72f395b398fb74c3

  • SHA1

    b2d76baf1d3fa2e195866a1775c366bdee1704cb

  • SHA256

    6bb1cd6bd59c60ecf98964c5d916d058724e684e6acf53e4094191af6df0f3be

  • SHA512

    afc7465a3cb3022c12d5a8532eb462ec42661f7f4371afbdb9cc287e82ac847b6f29a4a1b187fcbdb9ff825dce6b88b970b630143bdfdf5db94a8fe4917a3752

  • SSDEEP

    12288:qzoKMqSPFnu2wr0B/o6r3f9AfXiyliZOi8:FKMqqdurIB/93f7y8Qi

Malware Config

Extracted

  • Family

    darkcomet

  • Botnet

    Guest16

  • C2

    qaz3.no-ip.info:81

  • Mutex

    DC_MUTEX-H49DYYJ

Attributes

  • InstallPath

    MSDCSC\msdcsc.exe

  • gencode

    NWSuYEBfbuDN

  • install

    true

  • offline_keylogger

    true

  • persistence

    true

  • reg_key

    MicroUpdate

Targets

    • Target

      8ba73e50e6ade28e72f395b398fb74c3_JaffaCakes118

    • Size

      450KB

    • MD5

      8ba73e50e6ade28e72f395b398fb74c3

    • SHA1

      b2d76baf1d3fa2e195866a1775c366bdee1704cb

    • SHA256

      6bb1cd6bd59c60ecf98964c5d916d058724e684e6acf53e4094191af6df0f3be

    • SHA512

      afc7465a3cb3022c12d5a8532eb462ec42661f7f4371afbdb9cc287e82ac847b6f29a4a1b187fcbdb9ff825dce6b88b970b630143bdfdf5db94a8fe4917a3752

    • SSDEEP

      12288:qzoKMqSPFnu2wr0B/o6r3f9AfXiyliZOi8:FKMqqdurIB/93f7y8Qi

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks