General

  • Target

    dce157453841e8911fdfb1e23a8951d0_JaffaCakes118

  • Size

    956KB

  • Sample

    241210-edmf8ssras

  • MD5

    dce157453841e8911fdfb1e23a8951d0

  • SHA1

    7b65ca86d25380b71d293d2463083316b5bf9ebb

  • SHA256

    7eb30df478a285e7aa0f8d20c8b3c7bf55eddc77931ca67342c0dcb94f197960

  • SHA512

    bdd3d089dc4c825972901c3ddf538137193f5141204399ace8fef8a5f90b2db2270df2053af1f71715e590b4430ef5d19f36836feebb6541f59a710876f2ef3a

  • SSDEEP

    24576:4bCLTqKcYRn0uYpOyb6dxiqDU9d1GN2MppjF:UGeb+nHbiqGd1K5

Malware Config

Extracted

Family

darkcomet

Botnet

Ligo

C2

ratttyyy.mooo.com:1604

Mutex

DCMIN_MUTEX-NAA2DFN

Attributes
  • gencode

    MHwSurYxMlva

  • install

    false

  • offline_keylogger

    true

  • persistence

    false
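The extracted config above gives a defender three things to pivot on: the C2 host and port, the build-specific mutex name, and the fixed DCMIN_MUTEX- prefix that DarkComet builds share. The Python below is an added example, not part of the sandbox report, showing how those values become hunt logic over endpoint telemetry. The event records are constructed Sysmon-style dicts, not data from the report; hunt(), split_c2(), DC_MUTEX_RE and the strong/weak indicator labels are this example's own. Port 1604 is DarkComet's default port but is not unique to it, so a port-only match is treated as a weak signal, as is a DCMIN_MUTEX- name with a different suffix (another build, not this sample).

```python
import re
from typing import Dict, List, Tuple

# Values copied from the extracted config in the report above.
DARKCOMET_CONFIG: Dict[str, str] = {
    "family": "darkcomet",
    "botnet": "Ligo",
    "c2": "ratttyyy.mooo.com:1604",
    "mutex": "DCMIN_MUTEX-NAA2DFN",
    "gencode": "MHwSurYxMlva",
}

# DarkComet mutexes carry a fixed "DCMIN_MUTEX-" prefix followed by a short
# generated suffix: the prefix is a family-level indicator, the suffix is
# specific to one build. The length bounds are this example's assumption.
DC_MUTEX_RE = re.compile(r"^DCMIN_MUTEX-[A-Z0-9]{5,10}$")


def split_c2(c2: str) -> Tuple[str, int]:
    """Split a 'host:port' config string into (lower-cased host, int port)."""
    host, _, port = c2.rpartition(":")
    if not host or not port.isdigit():
        raise ValueError(f"malformed C2 string: {c2!r}")
    return host.lower(), int(port)


def hunt(events: List[Dict], config: Dict[str, str]) -> List[Tuple[str, int]]:
    """Return (indicator, event_id) pairs for events matching the config.

    Strong indicators: the C2 hostname in a DNS query or in a connection,
    or the exact mutex name from the config. Weak indicators: a connection
    to the C2 port alone, or a DarkComet-shaped mutex from another build.
    """
    host, port = split_c2(config["c2"])
    mutex = config["mutex"]
    hits: List[Tuple[str, int]] = []
    for ev in events:
        eid, kind = ev["id"], ev["type"]
        if kind == "dns" and ev.get("query", "").lower() == host:
            hits.append(("c2_dns", eid))
        elif kind == "connect":
            if ev.get("dest_host", "").lower() == host:
                hits.append(("c2_connect", eid))
            elif ev.get("dport") == port:
                hits.append(("c2_port_only_weak", eid))
        elif kind == "mutex":
            name = ev.get("name", "")
            if name == mutex:
                hits.append(("mutex_exact", eid))
            elif DC_MUTEX_RE.match(name):
                hits.append(("mutex_family_weak", eid))
    return hits


# Constructed sample telemetry (not from the report): Sysmon-style events.
SAMPLE_EVENTS: List[Dict] = [
    {"id": 1, "type": "dns", "query": "RATTTYYY.mooo.com", "image": "C:\\Users\\u\\tmp.exe"},
    {"id": 2, "type": "connect", "dest_host": "ratttyyy.mooo.com", "dport": 1604, "image": "C:\\Users\\u\\tmp.exe"},
    {"id": 3, "type": "mutex", "name": "DCMIN_MUTEX-NAA2DFN", "image": "C:\\Users\\u\\tmp.exe"},
    {"id": 4, "type": "mutex", "name": "DCMIN_MUTEX-ZZ9Q1KX", "image": "C:\\Temp\\other.exe"},
    {"id": 5, "type": "connect", "dest_host": "10.0.0.5", "dport": 1604, "image": "C:\\App\\legit.exe"},
    {"id": 6, "type": "dns", "query": "update.example.com", "image": "C:\\Windows\\explorer.exe"},
    {"id": 7, "type": "mutex", "name": "Global\\MyAppMutex", "image": "C:\\App\\legit.exe"},
]


if __name__ == "__main__":
    for indicator, eid in hunt(SAMPLE_EVENTS, DARKCOMET_CONFIG):
        print(f"event {eid}: {indicator}")
```

Events 1 to 3 match the sample's own indicators; event 4 is flagged only as family-level (a different DarkComet build), event 5 only as a port match, and events 6 and 7 produce nothing. Because the config says install and persistence are false while the report's signatures still record a WinLogon modification, the hunt should not rely on persistence artefacts alone; the mutex and C2 pivots above hold regardless of whether the build installs itself.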

Targets

    • Target

      dce157453841e8911fdfb1e23a8951d0_JaffaCakes118

    • Size

      956KB

    • MD5

      dce157453841e8911fdfb1e23a8951d0

    • SHA1

      7b65ca86d25380b71d293d2463083316b5bf9ebb

    • SHA256

      7eb30df478a285e7aa0f8d20c8b3c7bf55eddc77931ca67342c0dcb94f197960

    • SHA512

      bdd3d089dc4c825972901c3ddf538137193f5141204399ace8fef8a5f90b2db2270df2053af1f71715e590b4430ef5d19f36836feebb6541f59a710876f2ef3a

    • SSDEEP

      24576:4bCLTqKcYRn0uYpOyb6dxiqDU9d1GN2MppjF:UGeb+nHbiqGd1K5

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur (DarkCoderSc).

    • Darkcomet family

    • Modifies WinLogon for persistence

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15