General

  • Target

    d3dc03e5df892db9f1f11ec17681a073_JaffaCakes118

  • Size

    712KB

  • Sample

    241207-1433kasjen

  • MD5

    d3dc03e5df892db9f1f11ec17681a073

  • SHA1

    8524547ec483c9310d9cf45d283d54e7e0c9c3a8

  • SHA256

    83172090765f0a1407136a42ec4c9b9c4b2c47a17ce4b4a5a26a2cf4d50175c8

  • SHA512

    510ddd82192cf3407e140e4438d33fd02a28524d1a4d233c3093f0c684082ded13c78e772b02edcc349f79a9f6bf1190ba9e754c63451ebd574bc6be17b01278

  • SSDEEP

    12288:6DZ+NiPdgvUu349qVQ26Tj3RlBecWy+AnO6ExZWM+ZEyleDYud+lTc+:6tnuVvKj37ktAO6AIh2ylOec+

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16_min

C2

127.0.0.1:1604

Mutex

DCMIN_MUTEX-B497C1N

Attributes

  • gencode

    n3sLh5r610NL

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Targets

    • Target

      d3dc03e5df892db9f1f11ec17681a073_JaffaCakes118

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Darkcomet family

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks