General

  • Target

    d66d38155e7363c223960fa18196ef86_JaffaCakes118

  • Size

    810KB

  • Sample

    241208-lsv59avmbp

  • MD5

    d66d38155e7363c223960fa18196ef86

  • SHA1

    2161f98fe38ac11a22793c25a718b58b00647df4

  • SHA256

    9607e53698b7ba7559f0cac0b2cedcac9b2ea0b261cc3b2f74c8ded7f7a1783f

  • SHA512

    4baf01736c986bfa062302a50cebeab1ecdbb5a851b72a35ca96a6223832aa185bea3f356ed81a98ff8823f9ed9b688714dbbd2631cd180e8604623050bf9ccc

  • SSDEEP

    24576:pvvxxNz60N65kQCA+eDxIoZfF1eAOOjfMnjY:bO0NDQAMF1eqMc

Malware Config

Extracted

Family

darkcomet

Botnet

Scr1pt

C2

scr1pt.no-ip.biz:1604

Mutex

DC_MUTEX-6RTHDXW

Attributes

  • gencode

    03zeuEH2t2Sl

  • install

    false

  • offline_keylogger

    true

  • password

    12345

  • persistence

    false

Targets

    • Target

      d66d38155e7363c223960fa18196ef86_JaffaCakes118

    • Size

      810KB

    • MD5

      d66d38155e7363c223960fa18196ef86

    • SHA1

      2161f98fe38ac11a22793c25a718b58b00647df4

    • SHA256

      9607e53698b7ba7559f0cac0b2cedcac9b2ea0b261cc3b2f74c8ded7f7a1783f

    • SHA512

      4baf01736c986bfa062302a50cebeab1ecdbb5a851b72a35ca96a6223832aa185bea3f356ed81a98ff8823f9ed9b688714dbbd2631cd180e8604623050bf9ccc

    • SSDEEP

      24576:pvvxxNz60N65kQCA+eDxIoZfF1eAOOjfMnjY:bO0NDQAMF1eqMc

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Darkcomet family

    • Windows security bypass

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks