General

  • Target

    7cb4c9283ec17c9714abdb1ca430c9e7_JaffaCakes118

  • Size

    718KB

  • Sample

    241029-zta4csymb1

  • MD5

    7cb4c9283ec17c9714abdb1ca430c9e7

  • SHA1

    f7cd34a7f420d29139b963991bc834d6c384a3f5

  • SHA256

    bcb4e32c5443bafb2b7e04c63b479d58c315f7e10f1ffe0301fb217f74e82056

  • SHA512

    13dc4dab6ba76b88780bb1b57fc8c0cd7474da9c7d13ccf19cc80f99398e64fbc768ff83b489be8d1b70c2a98c20ef6d1db38f37723dd798b0eda2584c4f43e9

  • SSDEEP

    12288:BbaPcNy7BkYFlq+DPlq8NLbZdHy8pFJkDsBNljU2goaILPpwmZPGmPJ8SgU:pu7Bzyp83g8pFusBNl42goRSuPGqJF

Malware Config

Extracted

  • Family

    darkcomet

  • Botnet

    Guest1

  • C2

    bardock.no-ip.org:1604

  • Mutex

    DC_MUTEX-4ALRNJD

Attributes

  • gencode

    pS49GsXU4wf8

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Targets

    • Target

      7cb4c9283ec17c9714abdb1ca430c9e7_JaffaCakes118

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Darkcomet family

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks