General

  • Target

    cdcf0ba6fbd462694af1a138b199af92_JaffaCakes118

  • Size

    700KB

  • Sample

    241206-s7452a1jap

  • MD5

    cdcf0ba6fbd462694af1a138b199af92

  • SHA1

    82b7e3a61883a0b43ea7a5fa69717cd895cf0c8d

  • SHA256

    219973fe92369d337e411f0aeba3c55293331e682d7fda1e1fa187145e73c29e

  • SHA512

    7b41364227fda6de4388b9ee7f644b4f5d8520222f35571a44b7e72d1049119f87575694b8662437e603bfd8eda50008bdfe3ae05a9a95c263c8e29def5a48e2

  • SSDEEP

    12288:0YBEmz5X5/6QFYbpGdGfzfSR8FKNQ5mJUOfVm+b2FsTZ:0YBEiX+7rfSRcIQ5mhk+bwst

Malware Config

Extracted

  • Family

    darkcomet

  • Botnet

    Guest16

  • C2

    127.0.0.1:81

  • Mutex

    DC_MUTEX-N6XE286

Attributes

  • gencode

    jvqHz797QMwi

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Darkcomet family

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks