General

  • Target

    951c990305d9ed864d0300f70583c1ea_JaffaCakes118

  • Size

    810KB

  • Sample

    240814-h2jl2azajd

  • MD5

    951c990305d9ed864d0300f70583c1ea

  • SHA1

    9699dad9e330c1f12391835b4e37d8855fc0c91a

  • SHA256

    8f8150b7be05579734286698c9a71170c8b6817b7edefed48d3f1926227f2d67

  • SHA512

    64ab3b6065b213c50af63623bd22845b1a6b6c1a07c0535ea38c3a491f9d7a7262c70b2ce04bfde0ca6114eef2f6baacbd2d98bd3b023840be51b9c92ef1c094

  • SSDEEP

    24576:rAV9G0m+80d1g4qqxq86dEa9YQHnQ5bAzouw4PE3fHeE3fH:/zweK5AuB

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

seewaffle.no-ip.biz:1604

Mutex

DC_MUTEX-DUZKPX6

Attributes
  • gencode

    bs6yfcL2fpvU

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Targets

    • Target

      951c990305d9ed864d0300f70583c1ea_JaffaCakes118

    • Size

      810KB

    • MD5

      951c990305d9ed864d0300f70583c1ea

    • SHA1

      9699dad9e330c1f12391835b4e37d8855fc0c91a

    • SHA256

      8f8150b7be05579734286698c9a71170c8b6817b7edefed48d3f1926227f2d67

    • SHA512

      64ab3b6065b213c50af63623bd22845b1a6b6c1a07c0535ea38c3a491f9d7a7262c70b2ce04bfde0ca6114eef2f6baacbd2d98bd3b023840be51b9c92ef1c094

    • SSDEEP

      24576:rAV9G0m+80d1g4qqxq86dEa9YQHnQ5bAzouw4PE3fHeE3fH:/zweK5AuB

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Uses the VBS compiler for execution

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks