General

  • Target

    e81433472610bfe2bc3e320fad7d8d8e_JaffaCakes118

  • Size

    1.2MB

  • Sample

    241212-yytktsxrgq

  • MD5

    e81433472610bfe2bc3e320fad7d8d8e

  • SHA1

    0241912ba1137572d87d9f3a46ee82ab5774bed6

  • SHA256

    00675c83d0755b1a4d28954d4426e5155127956f364e26676795e7109c27fdb8

  • SHA512

    17a584b687be02c6cd35b9846b28bad01c5e8f0769aa1b51c76595d9cea90c03e182d597c8355d35b05980904cb1eb52202e12c8053defc56461f7b8041b0a15

  • SSDEEP

    24576:v2O/GlZSB1ytVKPLtsq9w6GGLiqGpY4MSZyN301n7g6zwm4m53Sb2T:lCnKh7zF7GpYdSZyl45kFm53SyT

Malware Config

Extracted

Family

darkcomet

Botnet

ALL-BROWSER

C2

root.socialmediaservices.co:1299

Mutex

DC_MUTEX-E0HY7V3

Attributes

  • gencode

    zSHmPMnVaR8K

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Darkcomet family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks