General

  • Target

    8c93b05bc459efb9de9091ac7c6c7072_JaffaCakes118

  • Size

    694KB

  • Sample

    240812-amqg2awdrq

  • MD5

    8c93b05bc459efb9de9091ac7c6c7072

  • SHA1

    caa1ed147c532a61fcfa5696917319ce5ca5090d

  • SHA256

    6c58dff043ecc6ba7477f7c4c12d5f3b162d5bae6cf56fffbc5e796b54952a67

  • SHA512

    7cb7865e5b6efe7f6a62c2a393e3f816b7e6f85faee7df8dd25eeb016fdcf5e3904dec9ee6ebb5bb3d6e455b094c1c39e325174b2f14d70bf4dff7d281b48bc9

  • SSDEEP

    12288:HX2JVHMRtDaSm3TJvVNvWV5YTsY7tHwbz/htfcoCoK632zb7G/eG0:3ss2Sm39NNv9wY7tHwbzfIoK6Moe

Malware Config

Extracted

  • Family

    darkcomet

  • Botnet

    Guest16

  • C2

    127.0.0.1:1604

  • Mutex

    DC_MUTEX-DZPY8UN

Attributes
  • gencode

    31g2VbLiT8xv

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.

MITRE ATT&CK Enterprise v15

Tasks