General

  • Target

    cc3f65c0563e924334171c34739b93a1_JaffaCakes118

  • Size

    406KB

  • Sample

    241206-lc7jcazrdt

  • MD5

    cc3f65c0563e924334171c34739b93a1

  • SHA1

    57a2c69cabe40bf0029659ec85b7973a5b66cb60

  • SHA256

    f8a84bf759c8278809dc27249a20fa793b79e3143e6c5eeddab71fc551851a64

  • SHA512

    6891469562eb8db984370a90c56a903c6da70dad4774ba0107f235351a2fbc8f448f6259f42e0b1f68742d8d06b889d8ed79bd1bf676dff9668cb316393adb9e

  • SSDEEP

    12288:OA7Z754T7Yx9Zg9FwKAFq20/Q4QaXCptDl1nSf:OA7N5G7X9DAFqdoQSpt

Malware Config

Extracted

Family

darkcomet

Botnet

mike1

C2

hack222.no-ip.org:9999

Mutex

DC_MUTEX-6FY2DLH

Attributes
  • gencode

    GojiebcNvf2x

  • install

    false

  • offline_keylogger

    true

  • password

    237566

  • persistence

    false

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Darkcomet family

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks