General

  • Target

    92969ef07da41e4f6d640abe8386cce2_JaffaCakes118

  • Size

    1003KB

  • Sample

    240813-ly5a4s1hqq

  • MD5

    92969ef07da41e4f6d640abe8386cce2

  • SHA1

    4561685b1c9c2bc96caf825ea2c0a6e346cb7b32

  • SHA256

    b8e5176b23d7cf38feeb9a1839a37ce1a51ed3b958c81db7c70b4b4e63239c72

  • SHA512

    72e009884dde9cebac8494b341bb8d4df6377d353284aaf5604afeb295af6f7bffc9c83c52fad1f6b7c8b57d7cf4a4a6c60375bcc32e398720c6821c255f8c56

  • SSDEEP

    12288:igxnEybYDzia5HqVG2Xc9cRYBfoozHwC1qgdB/Cfv2XyTkKORtRWAsENB0GSEMkR:zB9XHR0Q4/CGXyTn7AsENBprMM9

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

xkillerxserver.no-ip.biz:1604

Mutex

DC_MUTEX-099JU55

Attributes
  • gencode

    r8wb6y83hZmw

  • install

    false

  • offline_keylogger

    false

  • persistence

    false
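
The six values above (family, botnet ID, C2, mutex and the four attributes) are what a DarkComet config extractor pulls out of the builder's DCDATA resource. The script below is an added example of how that extraction works; it is not the sandbox's own extractor and nothing in it comes from this sample's bytes. It assumes, from public analyses rather than from this page, that the build is DarkComet 5.1+ (RC4 key "#KCMDDC51#-890"; 4.2 and 5.0 builds use different keys), that DCDATA holds one KEY={HEX} line per setting with the value RC4-encrypted and hex-encoded, and that the DCDATA key names MUTEX, SID, NETDATA, GENCODE, INSTALL, OFFLINEK and PERS map onto the report's mutex, botnet, c2, gencode, install, offline_keylogger and persistence fields. The input blob is constructed inside the script by encrypting the report's values, so the decoder runs offline with the real layout.

```python
"""Decode a DarkComet 5.x style DCDATA configuration blob (added example)."""
import binascii

# Assumption: DarkComet 5.1+ key from public analyses; 4.2 / 5.0 builds differ.
RC4_KEY = b"#KCMDDC51#-890"

# DCDATA key -> attribute name used in the report above (assumed mapping).
FIELD_MAP = {
    "MUTEX": "mutex",
    "SID": "botnet",
    "NETDATA": "c2",
    "GENCODE": "gencode",
    "INSTALL": "install",
    "OFFLINEK": "offline_keylogger",
    "PERS": "persistence",
}


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA + PRGA). Encrypt and decrypt are the same operation."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(byte ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def encode_dcdata(fields: dict, key: bytes = RC4_KEY) -> bytes:
    """Build a DCDATA-style blob: one KEY={HEX(RC4(value))} line per field."""
    lines = ["#BEGIN DARKCOMET DATA --"]
    for name, value in fields.items():
        hexval = binascii.hexlify(rc4(key, value.encode("latin-1"))).upper().decode()
        lines.append(f"{name}={{{hexval}}}")
    lines.append("#EOF DARKCOMET DATA --")
    return "\r\n".join(lines).encode("latin-1")


def decode_dcdata(blob: bytes, key: bytes = RC4_KEY) -> dict:
    """Parse and decrypt a DCDATA blob into report-style attribute names."""
    config = {}
    for raw in blob.split(b"\r\n"):
        line = raw.strip()
        if not line or b"=" not in line:
            continue  # marker lines and padding carry no setting
        name, value = line.split(b"=", 1)
        value = value.strip()
        if value.startswith(b"{") and value.endswith(b"}"):
            value = value[1:-1]
        try:
            plain = rc4(key, binascii.unhexlify(value)).decode("latin-1")
        except (binascii.Error, ValueError):
            # Not hex (damaged line or wrong build): keep the raw value so one
            # bad line does not abort extraction of the rest.
            plain = value.decode("latin-1", "replace")
        config[FIELD_MAP.get(name.decode("latin-1"), name.decode("latin-1").lower())] = plain
    # DCDATA stores flags as "0"/"1"; normalise to booleans as the report does.
    for flag in ("install", "offline_keylogger", "persistence"):
        if flag in config:
            config[flag] = config[flag] == "1"
    return config


def c2_host_port(config: dict):
    """Split NETDATA into (host, port) pairs; several C2s may be '|'-separated."""
    servers = []
    for entry in config.get("c2", "").split("|"):
        if ":" in entry:
            host, port = entry.rsplit(":", 1)
            servers.append((host, int(port)))
    return servers


# Constructed input: the report's values encrypted here with the assumed key.
SAMPLE_BLOB = encode_dcdata({
    "MUTEX": "DC_MUTEX-099JU55",
    "SID": "Guest16",
    "NETDATA": "xkillerxserver.no-ip.biz:1604",
    "GENCODE": "r8wb6y83hZmw",
    "INSTALL": "0",
    "OFFLINEK": "0",
    "PERS": "0",
})

if __name__ == "__main__":
    cfg = decode_dcdata(SAMPLE_BLOB)
    for k, v in cfg.items():
        print(f"{k}: {v}")
    print("c2 endpoints:", c2_host_port(cfg))
```

When run against a real DCDATA resource, a wrong key shows up as non-printable garbage in every field; trying the other published DarkComet keys in turn is the usual fix. Port 1604 is DarkComet's default listener port, and the no-ip.biz dynamic DNS name is the indicator worth pivoting on, since the resolved address can change at any time.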

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Uses the VBS compiler for execution

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks