General

  • Target

    3e3e8902dc05885076e70519b7b6c97e_JaffaCakes118

  • Size

    838KB

  • Sample

    241013-gzqf5axarr

  • MD5

    3e3e8902dc05885076e70519b7b6c97e

  • SHA1

    55b7c4d8507acdf710028714286a1982736db734

  • SHA256

    11847ac1d4d0cf10ffc6fe3dc801d9b4fa484f889ddce36c822774b733c110c3

  • SHA512

    8722ccc52bef4d83641e081ba2d795fd83442d076b9ec02557978809dbf886cd9e6a801b845ca8cb0e5a911a3a2ad12d30d903a305022793dece345cc38d9a41

  • SSDEEP

    24576:0skrgaFHiPrrrg3mdkrNlfXxE9nQwjOFT:0skrgDjrrgoANlFLB

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

stickyzero2six.ddns.net:1604

Mutex

DC_MUTEX-6036EEL

Attributes
  • gencode

    E6tUGzVFexSi

  • install

    false

  • offline_keylogger

    true

  • persistence

    false
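
The configuration above gives three directly usable network and host indicators: the C2 hostname stickyzero2six.ddns.net, the C2 port 1604, and the mutex DC_MUTEX-6036EEL. Because the C2 is a dynamic-DNS hostname, the IP it resolves to can change at any time, so detection should key on the hostname and the mutex rather than on an address. The following Python is an added example (not part of the report or of any sandbox's own code) that turns these values into a small scoring detector and runs it over constructed log lines. The log formats, the field names (`query=`, `dst=`, `type=Mutant name=`), the weights and the threshold are all assumptions made for the example; the mutex pattern `DC_MUTEX-[A-Z0-9]{7}` generalises from the single mutex shown on the page to other builds that follow the same naming scheme.

```python
import re
from dataclasses import dataclass

# Indicators copied from the extracted config above.
C2_HOST = "stickyzero2six.ddns.net"
C2_PORT = 1604
MUTEX = "DC_MUTEX-6036EEL"

# Generalisation beyond the page (assumption): the mutex shown is DC_MUTEX- followed
# by seven upper-case alphanumerics, so this pattern also catches other builds that
# use the same naming scheme, not only this sample.
DC_MUTEX_RE = r"DC_MUTEX-[A-Z0-9]{7}"

# Assumed log layouts (constructed for this example, not a real product's format).
QUERY_RE = re.compile(r"\bquery=(?P<name>[A-Za-z0-9.-]+)")
DST_RE = re.compile(r"\bdst=(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)\b")
MUTANT_RE = re.compile(r"type=Mutant\s+name=\S*?(?P<mutex>" + DC_MUTEX_RE + r")\b")

# Assumed weights: the exact C2 host or exact mutex is strong evidence; a generic
# DC_MUTEX-* name or traffic to the default DarkComet port alone is only suggestive.
WEIGHTS = {"c2_host": 3, "c2_mutex": 3, "dc_mutex_pattern": 1, "dc_default_port": 1}
ALERT_THRESHOLD = 3


@dataclass(frozen=True)
class Hit:
    kind: str
    value: str
    line: str


def scan_line(line):
    """Return every indicator from the report's config that one log line matches."""
    hits = []
    m = QUERY_RE.search(line)
    if m and m.group("name").lower().rstrip(".") == C2_HOST:
        hits.append(Hit("c2_host", m.group("name"), line))
    m = DST_RE.search(line)
    if m and int(m.group("port")) == C2_PORT:
        hits.append(Hit("dc_default_port", m.group("ip") + ":" + m.group("port"), line))
    m = MUTANT_RE.search(line)
    if m:
        name = m.group("mutex")
        kind = "c2_mutex" if name == MUTEX else "dc_mutex_pattern"
        hits.append(Hit(kind, name, line))
    return hits


def score(lines):
    """Scan all lines; return (hits, total weight, whether the threshold was reached)."""
    hits = [h for line in lines for h in scan_line(line)]
    total = sum(WEIGHTS[h.kind] for h in hits)
    return hits, total, total >= ALERT_THRESHOLD


# Constructed sample log lines (not taken from the report). 198.51.100.0/24 is a
# documentation address range, used here so the example never points at a real host.
SAMPLE_LOG = [
    "2024-10-13T06:52:01Z dns client=10.0.0.7 query=stickyzero2six.ddns.net type=A",
    "2024-10-13T06:52:02Z conn src=10.0.0.7:49712 dst=198.51.100.23:1604 proto=tcp",
    r"2024-10-13T06:52:02Z handle pid=4120 type=Mutant name=\BaseNamedObjects\DC_MUTEX-6036EEL",
    "2024-10-13T06:52:03Z dns client=10.0.0.9 query=example.com type=A",
    r"2024-10-13T06:52:04Z handle pid=3311 type=Mutant name=\BaseNamedObjects\DC_MUTEX-ABC1234",
]

if __name__ == "__main__":
    found, total, alert = score(SAMPLE_LOG)
    for h in found:
        print(f"{h.kind:18} {h.value}")
    print(f"score={total} alert={alert}")
```

The benign example.com query produces no hit, the exact hostname and exact mutex each score 3 on their own, and the generic DC_MUTEX-ABC1234 name and the port-1604 connection only add weight once something stronger is present. Swap the regexes for your own log schema; the indicator values and the weighting are the part worth keeping.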

Targets

    • Target

      3e3e8902dc05885076e70519b7b6c97e_JaffaCakes118

    • Size

      838KB

    • MD5

      3e3e8902dc05885076e70519b7b6c97e

    • SHA1

      55b7c4d8507acdf710028714286a1982736db734

    • SHA256

      11847ac1d4d0cf10ffc6fe3dc801d9b4fa484f889ddce36c822774b733c110c3

    • SHA512

      8722ccc52bef4d83641e081ba2d795fd83442d076b9ec02557978809dbf886cd9e6a801b845ca8cb0e5a911a3a2ad12d30d903a305022793dece345cc38d9a41

    • SSDEEP

      24576:0skrgaFHiPrrrg3mdkrNlfXxE9nQwjOFT:0skrgDjrrgoANlFLB

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Adds Run key to start application

      A registry Run key is a common autostart persistence mechanism. Note that the extracted config above reports install and persistence as false; the sandbox observed the Run key being written regardless, so treat the observed behaviour as the stronger evidence.

    • Suspicious use of SetThreadContext

      SetThreadContext is commonly used to redirect a suspended thread to injected code (for example in process hollowing), which is why the sandbox flags it.

MITRE ATT&CK Enterprise v15

Tasks
