General

  • Target

    97d99e2649633d38d514d81f1c711304_JaffaCakes118

  • Size

    668KB

  • Sample

    240814-1y6w9ssdqq

  • MD5

    97d99e2649633d38d514d81f1c711304

  • SHA1

    030d1e88a0a379e847e16a31f0148b89dfe40fe0

  • SHA256

    09aa7218c709f331ce61a9735d17c01e6de0547fdb586f88506e0f72df10596e

  • SHA512

    27bb129c6cb7ee188315b8a1238e59293e5f9750824ceca342ee7bd6d3bd415b8e314df45c91c7fa7456054e4519621312c0104ff62f5d9c871e1c7d6ee011a6

  • SSDEEP

    12288:Xe/RGF6VTXouQ441nRh3rRR10sofvlgfQ3XHBeoAY9/pGki0uUuW:u4Fc8L101gfQheb4pGkWUuW

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

ghoost-souf.no-ip.org:25000

Mutex

DC_MUTEX-3AUR441

Attributes
  • gencode

    Rx908NKgrjAZ

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Targets

    • Target

      97d99e2649633d38d514d81f1c711304_JaffaCakes118

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
