General

  • Target

    e27079805806b6b5781cc5c5871baac5_JaffaCakes118

  • Size

    356KB

  • Sample

    241211-vmyhvswnel

  • MD5

    e27079805806b6b5781cc5c5871baac5

  • SHA1

    944d6c06b3b90ffbc673dec864383213192e75ff

  • SHA256

    df2f1b608519349912a341a7736c4d2cf57841a96561ee9ac6d822e654b24ef8

  • SHA512

    9de3a66e89828277b1c530b7eaf2f86f88a6ff8435f91837411563e015dc850f6ce4cb935232e687a2f5d81728081b938158aaf4c2e82cd8f8de40da25f5fb9e

  • SSDEEP

    6144:cVT0ojk1/FLzRjI9pCoHiK+zYC0EiQ86JsAbvzsJV/FT41MggwU7wE:o0ojy/BRSpM2zb6qjVhxx9

Malware Config

Extracted

Family

darkcomet

Botnet

MINICRAFT

C2

95.25.114.135:1604

Mutex

DC_MUTEX-BYZQF92

Attributes
  • gencode

    yGHj6XNKu577

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Darkcomet family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15