General

  • Target

    96ab2d958032ed31e4c4a9cc17b0a189_JaffaCakes118

  • Size

    1.0MB

  • Sample

    240814-sx28pavcrp

  • MD5

    96ab2d958032ed31e4c4a9cc17b0a189

  • SHA1

    87d4306467f4921813ffab0f2403ba9b15d89d57

  • SHA256

    620750ba49718905eecc153a16cb5c11427c945e4a126873b789f2c2f111e9e8

  • SHA512

    c7bf4bbe319367b2fd44a8601b815211fd7be8e63f22e6230980f383117f5f44329e7cbb17f55ac14b3a488a92e470baee6f99670b8d1fcd0a8575fb162ab206

  • SSDEEP

    12288:8lyOEIzifoEqqx2XcLnsYRg87cvCPAq3djaCRvUXC9KykRvWIb0aeeXXR+oGElkb:lAXOsH6raCSXC9ZQb0beRbGFz+BO/

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

apexdc.zapto.org:1604

Mutex

DC_MUTEX-PFS0EXK

Attributes
  • gencode

    5ouYPzE4Twyj

  • install

    false

  • offline_keylogger

    true

  • password

    ujeucm6296

  • persistence

    false

Targets

    • Target

      96ab2d958032ed31e4c4a9cc17b0a189_JaffaCakes118

    • Size

      1.0MB

    • MD5

      96ab2d958032ed31e4c4a9cc17b0a189

    • SHA1

      87d4306467f4921813ffab0f2403ba9b15d89d57

    • SHA256

      620750ba49718905eecc153a16cb5c11427c945e4a126873b789f2c2f111e9e8

    • SHA512

      c7bf4bbe319367b2fd44a8601b815211fd7be8e63f22e6230980f383117f5f44329e7cbb17f55ac14b3a488a92e470baee6f99670b8d1fcd0a8575fb162ab206

    • SSDEEP

      12288:8lyOEIzifoEqqx2XcLnsYRg87cvCPAq3djaCRvUXC9KykRvWIb0aeeXXR+oGElkb:lAXOsH6raCSXC9ZQb0beRbGFz+BO/

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Uses the VBS compiler for execution

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks