General

  • Target

    c80c76f303ecda2a75c7719539987692_JaffaCakes118

  • Size

    821KB

  • Sample

    241205-rcl6asxnet

  • MD5

    c80c76f303ecda2a75c7719539987692

  • SHA1

    172f56e99ae2428dc12f72ed085f3fdc8d361368

  • SHA256

    042b817574858b81ea5b48845ac43d5b6b2ea22505510578fcd3da19d89eb6f8

  • SHA512

    8e1ad1f010a3df7cfd47c6d19072fb550cbaf5a8ca9bbef6c5e060650e97507c0cee710a660f45a1e036f54151d2d4f9b34400a373f9a0dda0bc62577d55596e

  • SSDEEP

    12288:q+/NvNnSbiTldkLjiLAd5FqQ5kIVeHKOTYIfm2jzeWeJnc:q+/NlnWiTldNUdfqyr2K8tCjN

Malware Config

Extracted

  • Family

    darkcomet

  • Botnet

    YES

  • C2

    zchau.no-ip.biz:1604

  • Mutex

    DC_MUTEX-VY9JREP

Attributes

  • gencode

    6hJTqKYeY6qG

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Darkcomet family

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks