General

  • Target

    f72d3d018965b4f90ad28ce4c8ce2957_JaffaCakes118

  • Size

    1.3MB

  • Sample

    241216-egzkzasqet

  • MD5

    f72d3d018965b4f90ad28ce4c8ce2957

  • SHA1

    f80a5bec126723478d970dd0f0d931d6b88e9f0a

  • SHA256

    2872c21999a0e51ea81c5bed9da9498e1d88aa6b892430d6fd0138ee616c4861

  • SHA512

    c7dde6cb04d5c674bc36534119e4d943a61cf318ca4284fa1d02438b0186bf3568a3b21f1215037d03bd70c94d7fe97c90457b19b5519d346fb5e66f943608b2

  • SSDEEP

    24576:iRmYkcoQricOIrxiZY1iaCvH57wKaHnCMjORymu7Xmg7FT2bk:3YZoQrbT8ZY1iaC/516zt2g7Fao

Malware Config

Extracted

Family

darkcomet

Botnet

Guest2013

C2

shades.no-ip.org:1604

Mutex

DCMIN_MUTEX-MDWE7NC

Attributes

  • gencode

    46vVi771eZVT

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Targets

    • Target

      f72d3d018965b4f90ad28ce4c8ce2957_JaffaCakes118

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Darkcomet family

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks