General

  • Target: d78dafe49116f809d7b69cc4e28d59bd_JaffaCakes118
  • Size: 1.6MB
  • Sample: 240910-ehzmcswaqp
  • MD5: d78dafe49116f809d7b69cc4e28d59bd
  • SHA1: 79fff69dbd37cdf1a787f065a2da6ad60fd89900
  • SHA256: acf313d1a705f3de1430dd0056c424417508c84cfce28beaaa8bced4e15e751b
  • SHA512: fb9641d12b94beae324dc0ff7c634f555d3d7f5de21b2cce510eeb90dda2a26a31d776a499eaa0ef5dfa9e27532d5e65251ca244ab12d03892cf01b34f0894b6
  • SSDEEP: 24576:CziEYxyUt70b7sTJb0HxP7kOw17mjIpn2KwJfV9:RV00p0RP75o6jUnxcfH

Malware Config

Extracted

  • Family: darkcomet
  • Botnet: hacked
  • C2: sulumanco.duckdns.org:4000
  • Mutex: DCMIN_MUTEX-5JGPC4U

Attributes

  • gencode: PSXl8AA8UgHs
  • install: false
  • offline_keylogger: true
  • persistence: false

Targets

    • Darkcomet: DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
    • Checks computer location settings: Looks up the country code configured in the registry, likely for geofencing.
    • Executes dropped EXE
    • Adds Run key to start application
    • AutoIT Executable: AutoIt scripts compiled to PE executables.

MITRE ATT&CK Enterprise v15

Tasks