General

  • Target

    d5b85283195556e522c8b5627369aba1_JaffaCakes118

  • Size

    627KB

  • Sample

    241208-hd24gawmdy

  • MD5

    d5b85283195556e522c8b5627369aba1

  • SHA1

    efbf8a337eb8acbcd2e844cc37a9792a36d55123

  • SHA256

    e6af143bd96b2d461248f6a9116375f0179faff9c7a4b146dc2d34f41eda34e3

  • SHA512

    e8ad79ab0593919fd6a7c592232496a0859ae29b61b1a7cfedd31fb334c3b557f6ab39b51110458df13b2f713f936f2e27564ff74888e793005c2b5cdfe6e6a6

  • SSDEEP

    12288:YbRL99DE+UxcqH4siLPndzMo+RV7+d1mDT0t9P9KD8A/hJaF:qRRx7qHyvdzVM7W1BfP95C0

Malware Config

Extracted

  • Family

    darkcomet

  • Botnet

    Slave

  • C2

    katygarismova123.no-ip.biz:200

  • Mutex

    DC_MUTEX-MBWJM88

Attributes

  • gencode

    JMUmoo8nTYeT

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Targets

    • Target

      d5b85283195556e522c8b5627369aba1_JaffaCakes118

    • Size

      627KB

    • MD5

      d5b85283195556e522c8b5627369aba1

    • SHA1

      efbf8a337eb8acbcd2e844cc37a9792a36d55123

    • SHA256

      e6af143bd96b2d461248f6a9116375f0179faff9c7a4b146dc2d34f41eda34e3

    • SHA512

      e8ad79ab0593919fd6a7c592232496a0859ae29b61b1a7cfedd31fb334c3b557f6ab39b51110458df13b2f713f936f2e27564ff74888e793005c2b5cdfe6e6a6

    • SSDEEP

      12288:YbRL99DE+UxcqH4siLPndzMo+RV7+d1mDT0t9P9KD8A/hJaF:qRRx7qHyvdzVM7W1BfP95C0

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Darkcomet family

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks