General

  • Target

    98be4a078bac66fff3d1c0973e7c5fb2_JaffaCakes118

  • Size

    1.9MB

  • Sample

    241125-c9c7bsznhj

  • MD5

    98be4a078bac66fff3d1c0973e7c5fb2

  • SHA1

    bf929da0eece286d16344b14c8ddc0303ce66b50

  • SHA256

    adecfb84e4b9cacb643a9431a47b4bdb90fbd24efa470e63aba91306c6e126a3

  • SHA512

    dd61fd686db033221da3129ab9232aaebfdb43940b229e2bdab7e266370a1a054ed84538e8c60aac2cb01ced418a6afdd03521234b75c1923a10cb03ec7201c1

  • SSDEEP

    49152:pJZoQrbTFZY1iaqxp3Faa98sCv+ec4NwZnKmOZ:ptrbTA1G4+eaVZOZ

Malware Config

Extracted

  • Family

    darkcomet

  • Botnet

    Guest16

  • C2

    aqo.no-ip.info:1604

  • Mutex

    DC_MUTEX-F54S21D

Attributes

  • gencode

    F31VgHVHZnQ6

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Darkcomet family

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
