General

  • Target

    957e923e8dba070daacdfac1dd985739_JaffaCakes118

  • Size

    747KB

  • Sample

    240814-lcllwavarf

  • MD5

    957e923e8dba070daacdfac1dd985739

  • SHA1

    e5f4707827797a7cc8c4dec3e1c27cfe15e95960

  • SHA256

    028b01bfee0c4935c074e43e3a774e1b73fcb0aeb831c283c9ec9ba5aab6aa79

  • SHA512

    e6d642d1eac22a87d4b09a7d9340033fc50e408dfcff107a8387f88538fff99ca4aa08fb3f6acb61f2c0c9ab522c26e340860b778c1e713cfe062ff21cb1bf67

  • SSDEEP

    12288:Jk0QVlhmPojAPTMEsUTg0oChO/Q2JbsbjPbN5qhRTtYe3f+Iw86k/9/+w:i0QRWoJEfg0oChGdJQbjPbNW5tYeP+GF

Malware Config

Extracted

  • Family

    darkcomet

  • Botnet

    Guest16

  • C2

    123test123.no-ip.biz:25565

  • Mutex

    DC_MUTEX-JSQ1JXZ

Attributes
  • gencode

    9dCMbbL4FPg1

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks