General

  • Target

    a17860f4995ff2c69420d397d8683f0b_JaffaCakes118

  • Size

    628KB

  • Sample

    241126-mvrraatqgp

  • MD5

    a17860f4995ff2c69420d397d8683f0b

  • SHA1

    bba821623df6d4bae9b5401b539e197b7aeecbb6

  • SHA256

    ec4c1d8b7d07b17db8c31b16c0c0af488aae266afaf727c40bdb84eeb69ec44e

  • SHA512

    7b4e0f6f48d46edec41846f703dbad46667ba5ac71b91a786a0d8a0b918c4c714816bc5c108f03994b2dae1a4f757fe225cd65f0a3ccf3e08a16fdfa30b662f9

  • SSDEEP

    12288:Bl62RLeQqWg5CS9Xg9MCOgBC1rD/fJ6E3SCEnZO8XBOMSHcEX0lg:e2RLejJ5J9w9ML1rTfM33hoMNED

Malware Config

Extracted

Family

darkcomet

Botnet

ÖÍíÉ

C2

ehzv.zapto.org:1604

Mutex

DC_MUTEX-EDFVJ7D

Attributes

  • InstallPath

    MSDCSC\msdcsc.exe

  • gencode

    iVc60K4UGbP9

  • install

    true

  • offline_keylogger

    true

  • persistence

    true

  • reg_key

    MicroUpdate

Targets

    • Target

      a17860f4995ff2c69420d397d8683f0b_JaffaCakes118

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Darkcomet family

    • Modifies WinLogon for persistence

    • Modifies firewall policy service

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks