General

  • Target

    d92480381bafbfeb9fe83b94f915506c_JaffaCakes118

  • Size

    1.8MB

  • Sample

    241209-mey6esvjew

  • MD5

    d92480381bafbfeb9fe83b94f915506c

  • SHA1

    4f98aa50c7c1005749a2eda6ae7a6b2bfb351198

  • SHA256

    1a38a3fec5f35becb529fdc8da7a9687fb2659ec06e283e74f162fbb3a38ce9f

  • SHA512

    52e7b8e8d62e72d982d9140fe206750b4eebbba4e7c665df7bc8dd8d3512d2c19174ba204f9d548201cdcc93729a0b445945dc0fb42c658a4ba920774662e742

  • SSDEEP

    24576:8DVSn+sFv83ik+03FnEFaR4b9GBuAvmMgPKZ36E+paPPCJQqFK7d3Xtaxt5TYwiX:a8p27VEcWoz7gPKwEogPCJBFeXtqtbQ

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

amis59.zapto.org:100

192.168.1.1:100

Mutex

DC_MUTEX-SYE9RFY

Attributes
  • gencode

    04SbL8lsv4kf

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Targets

    • Target

      d92480381bafbfeb9fe83b94f915506c_JaffaCakes118

    • Size

      1.8MB


    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Darkcomet family

    • Modifies security service

    • Windows security bypass

    • Disables RegEdit via registry modification

    • Disables Task Manager via registry modification

    • Sets file to hidden

      Modifies file attributes so the file is hidden from Explorer and similar directory listings.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Suspicious use of SetThreadContext
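
A detection pass over the indicators in this report, written in Python as an added example (it is not part of the sandbox output). It matches the extracted C2 endpoints and mutex from the Malware Config section, and the Task Manager and Regedit policy changes from the signatures list, against normalised Sysmon-style events. The event records and the SID in them are constructed for the example; the value names DisableTaskMgr and DisableRegistryTools under Policies\System are the usual way this behaviour is implemented and are an assumption about this sample, since the report names the behaviour but not the values it wrote.

```python
import ipaddress

# Indicators copied from the extracted DarkComet config in this report.
C2_ENDPOINTS = [("amis59.zapto.org", 100), ("192.168.1.1", 100)]
MUTEX = "DC_MUTEX-SYE9RFY"

# Policy values DarkComet writes to disable Task Manager and Regedit.
# The report names the behaviour only; these well-known value names are
# an assumption about how this sample implements it.
POLICY_VALUES = {"DisableTaskMgr", "DisableRegistryTools"}
POLICY_KEY_SUFFIX = "\\policies\\system"


def is_private_host(host):
    """True for RFC 1918 / loopback addresses; hostnames are never private."""
    try:
        return ipaddress.ip_address(host).is_private
    except ValueError:
        return False


def check_event(event):
    """Match one normalised event against the indicators.

    Returns (rule, confidence, detail) on a hit, otherwise None.
    """
    kind = event["type"]

    if kind == "dns":
        for host, _port in C2_ENDPOINTS:
            if event["query"].lower() == host.lower():
                return ("darkcomet_c2_dns", "high", host)

    elif kind == "network":
        for host, port in C2_ENDPOINTS:
            if event["dst"] == host and event["port"] == port:
                # 192.168.1.1 is a LAN address, almost certainly a test
                # entry left in the config; flag it, but at low confidence.
                confidence = "low" if is_private_host(host) else "high"
                return ("darkcomet_c2", confidence, f"{host}:{port}")

    elif kind == "registry_set":
        key, _sep, value = event["target"].rpartition("\\")
        if (value in POLICY_VALUES
                and key.lower().endswith(POLICY_KEY_SUFFIX)
                and event["data"] == "DWORD (0x00000001)"):
            return (f"policy_{value}", "medium", event["target"])

    elif kind == "mutex":
        name = event["name"]
        if name == MUTEX:
            return ("darkcomet_mutex", "high", name)
        if name.startswith("DC_MUTEX-"):
            # Same builder prefix, different gencode: another DarkComet build.
            return ("darkcomet_mutex", "medium", name)

    return None


def scan(events):
    """Run every event through check_event and keep the hits, in order."""
    hits = []
    for event in events:
        hit = check_event(event)
        if hit is not None:
            hits.append(hit)
    return hits


# Constructed, Sysmon-style events for a stand-alone run; not from the sandbox.
SID = "S-1-5-21-1111111111-2222222222-3333333333-1001"
POLICY_PATH = f"HKU\\{SID}\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System"
SAMPLE_EVENTS = [
    {"type": "dns", "query": "amis59.zapto.org"},
    {"type": "network", "dst": "amis59.zapto.org", "port": 100},
    {"type": "network", "dst": "192.168.1.1", "port": 100},
    {"type": "registry_set", "target": f"{POLICY_PATH}\\DisableTaskMgr",
     "data": "DWORD (0x00000001)"},
    {"type": "registry_set", "target": f"{POLICY_PATH}\\DisableRegistryTools",
     "data": "DWORD (0x00000001)"},
    {"type": "mutex", "name": "DC_MUTEX-SYE9RFY"},
    # Benign noise that must not match.
    {"type": "network", "dst": "update.example.com", "port": 443},
    {"type": "registry_set", "target": f"{POLICY_PATH}\\EnableLUA",
     "data": "DWORD (0x00000001)"},
    {"type": "mutex", "name": "Global\\SomeVendorUpdater"},
]

if __name__ == "__main__":
    for rule, confidence, detail in scan(SAMPLE_EVENTS):
        print(f"{rule:28} {confidence:6} {detail}")
```

The private-address C2 entry is reported at low confidence on purpose: 192.168.1.1:100 is almost certainly a LAN test address left in the builder config, and matching on it alone will fire on unrelated traffic. The DC_MUTEX- prefix is the DarkComet builder's default mutex naming, so builds with a different gencode are still surfaced, at medium confidence.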

MITRE ATT&CK Enterprise v15

Tasks