General

  • Target

    9203b9fc85b3b9c2c83bd40daf6c4bff_JaffaCakes118

  • Size

    649KB

  • Sample

    240813-hkbj4aygrh

  • MD5

    9203b9fc85b3b9c2c83bd40daf6c4bff

  • SHA1

    73492d63979bcab3c11cc56a08e16f6f123b51c5

  • SHA256

    20be5ee76baa17e8603688b37f7c6a794bfeed3cec3e3f750f994a63ab010b5e

  • SHA512

    9679670beb17517c360c499a473a5d4fbac77b926e4dd1b5ebaab6cb41bc5ad313aa9b64aa949ca9cbf4dcecdc7fefe51c5a2bb27c4271b1ff0a109296370558

  • SSDEEP

    12288:7k0QVlhmPojAPTMEsUTg0oChO/Q2JbsbjPbN5qhRTtYe3f+Iw86k/9/+q:w0QRWoJEfg0oChGdJQbjPbNW5tYeP+GD

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

khmissa.zapto.org:1604

Mutex

DC_MUTEX-0AUS214

Attributes
  • gencode

    ZFeygA5CkBe4

  • install

    false

  • offline_keylogger

    true

  • password

    0000000000

  • persistence

    false

Targets

    • Target

      9203b9fc85b3b9c2c83bd40daf6c4bff_JaffaCakes118

    • Size

      649KB

    • MD5

      9203b9fc85b3b9c2c83bd40daf6c4bff

    • SHA1

      73492d63979bcab3c11cc56a08e16f6f123b51c5

    • SHA256

      20be5ee76baa17e8603688b37f7c6a794bfeed3cec3e3f750f994a63ab010b5e

    • SHA512

      9679670beb17517c360c499a473a5d4fbac77b926e4dd1b5ebaab6cb41bc5ad313aa9b64aa949ca9cbf4dcecdc7fefe51c5a2bb27c4271b1ff0a109296370558

    • SSDEEP

      12288:7k0QVlhmPojAPTMEsUTg0oChO/Q2JbsbjPbN5qhRTtYe3f+Iw86k/9/+q:w0QRWoJEfg0oChGdJQbjPbNW5tYeP+GD

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

MITRE ATT&CK Enterprise v15

Tasks