General

  • Target

    d8d81831ecc8b7ded7456e16afc4e6c9_JaffaCakes118

  • Size

    864KB

  • Sample

    241209-kygpdaspdt

  • MD5

    d8d81831ecc8b7ded7456e16afc4e6c9

  • SHA1

    a293c76a525dd3ce38c023b349133423616d363d

  • SHA256

    736f4810ca61ca8c20f9b1f8200636ce0aeeb666b0695206c97fdbb975ff6944

  • SHA512

    395a256db33044787b5437bd717aae872edaab2c099f992f788433cd879fd3050cfc10e5bb6fc5e8be67a5bc679b8360744932ca029a6cc7bad935371266ba4d

  • SSDEEP

    12288:I3KbEDgGH+9eAJZjQa8WHteESc3Qbwz38LFeKLOnOQCJUOI1gQj5AzgKUWpb:wkEE8Q1d7kcAXLQ0IdjyXpb

Malware Config

Extracted

Family

darkcomet

Botnet

Newest16

C2

numberoneminecraft.serveminecraft.net:9001

Mutex

DC_MUTEX-8WBVLNV

Attributes

  • gencode

    Fs2TLineApRu

  • install

    false

  • offline_keylogger

    false

  • persistence

    false

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Darkcomet family

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks