General

  • Target

    e61c5bc99fd2b158ac4ea799ea64568a_JaffaCakes118

  • Size

    1.1MB

  • Sample

    241212-nbhvpstrcr

  • MD5

    e61c5bc99fd2b158ac4ea799ea64568a

  • SHA1

    a5a97266dd2b5f1d2f3328c04efbc1b4e6fec0f1

  • SHA256

    03118049958123e881a7e4731221e0690bdd49e1a624f4a989683c7ab363be80

  • SHA512

    73f021eebcd0a1195b06bf360fdb6b62815cecabc750a80dc5b3c0a3133bd944e8dfab9a45eec89633ba25fa6415e00b61db2012eaf1a0e3549a534e54e238cb

  • SSDEEP

    24576:kYi0aeKVUQBoGotjrJX9cpTDCdr/lR2C29slZFwvt2ST3VnNnvIWUE:kYiLeK7VotjrJX9c1Ct/P2CksDFwvt2o

Malware Config

Extracted

Family

darkcomet

Botnet

Absolute3

C2

emile2012.no-ip.info:1337

Mutex

DCMIN_MUTEX-ZZUD73J

Attributes
  • gencode

    tz3FGhkXWDV3

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Darkcomet family

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks