General

  • Target

    923961d4ea28fb0c030698bef31c698a_JaffaCakes118

  • Size

    671KB

  • Sample

    240813-jwhyzsxann

  • MD5

    923961d4ea28fb0c030698bef31c698a

  • SHA1

    658f52218b17840372f414147fc41b9401016937

  • SHA256

    5023af4b5a13c1032520bfcddad7afc344fbcd99c8368fcfa021cd82fbeae258

  • SHA512

    7b797c6023b34015c207d0603cd0bf4dd6966b8ae0dee42ec8b93a8dae2967dc379921730460316381fddabbdfaee435e7a77a9f1bbe66b47035420f0690c566

  • SSDEEP

    12288:mLwZ+DPllJVFVMedf6FhnNJpX8oxfyy4bBap6vBkvmCKhp6VM6aK61p/Z82q:mUZAtf6ZX1xfQ4p4kvmp7K61pBq

Malware Config

Extracted

  • Family

    darkcomet

  • Botnet

    Guest16

  • C2

    109.58.74.208:80

  • Mutex

    DC_MUTEX-SRVLLNR

Attributes

  • gencode

    s46AfkVFZAfJ

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Targets

    • Target

      923961d4ea28fb0c030698bef31c698a_JaffaCakes118

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks