General

  • Target

    8f716715b6528a8de1c93b471f1713e3_JaffaCakes118

  • Size

    570KB

  • Sample

    240812-tyaeqstcqa

  • MD5

    8f716715b6528a8de1c93b471f1713e3

  • SHA1

    3939007bc1899f0ed0335736984f244134cae2fe

  • SHA256

    221a5759dffa5325ae3eb23b0bb52b35c11f966dd4f3c69d9288f0fb84906bd5

  • SHA512

    55b721db317f0137c009d6842152c035cfff748f5bf6036e4f8db039a404dbf41df671f6a117542815e9a36069c163359c67da2fc4da0b15e003ce3b18cc511d

  • SSDEEP

    12288:lcfcW7KEZlPzCy37n4FPc7KXWgGg6PuIWfLsR+O:aKiRzC0n8Pc7aWFPuIWNO

Malware Config

Extracted

  • Family

    darkcomet

  • Botnet

    Guest16

  • C2

    127.0.0.1:288

  • Mutex

    DC_MUTEX-1W2FMZA

Attributes

  • gencode

    hf15xnp50LgJ

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks