General

  • Target

    cf1e4ffeefc80f972eca5e3b400bb73e_JaffaCakes118

  • Size

    1.1MB

  • Sample

    241206-1c5gbayles

  • MD5

    cf1e4ffeefc80f972eca5e3b400bb73e

  • SHA1

    bdbf9b01d3b2437028bab253b8f3968d7f5ca3fd

  • SHA256

    f54e1036646ce191b56cd9984c875080a16aedd614777592ec677921c4730477

  • SHA512

    b649016cc3f589be3b7b3da5e1e5bceba2b7ad74b5332a6700260d89ed286c4d7128f7b55db31c4d773218f8840280d9d6e6f38f1d9651dcf83e42d695a65a21

  • SSDEEP

    24576:YRmYkcoQricOIrxiZY1iapYfsp0pMNJA:dYZoQrbT8ZY1iapMsSWJ

Malware Config

Extracted

  • Family

    darkcomet

  • Botnet

    SLaves

  • C2

    azerbajen.zapto.org:3267

  • Mutex

    DCMIN_MUTEX-5DCVJ72

  • Attributes

    • gencode

      fwaP1gw7o42f

    • install

      false

    • offline_keylogger

      true

    • persistence

      false

Targets

    • Target

      cf1e4ffeefc80f972eca5e3b400bb73e_JaffaCakes118


    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Darkcomet family

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks