General

  • Target

    ffc476cc5de1540f3e0d41d4b87b66c9_JaffaCakes118

  • Size

    769KB

  • Sample

    241219-tm8hdsvngv

  • MD5

    ffc476cc5de1540f3e0d41d4b87b66c9

  • SHA1

    fd8891cd1474bad8defe4f99386cb505b7f8b577

  • SHA256

    cc0598c56a2723f4fb2d2d37fa29508fa7b14b28fa50e0eeac67b4102c9fd50d

  • SHA512

    0953fefc861cca9aa818079962990653815d93be50de058e50e1d5d668f2d3616679473aad677649401464882637b985d712ae5a8d3155f5993ed9cc93bc7f26

  • SSDEEP

    24576:LTvW/wxXSknYDkoR4HTaF1nP9tXGVnmpW:LTvW/wxTnYoTS1P6gpW

Malware Config

Extracted

Family

darkcomet

Botnet

XP

C2

fahimjan.no-ip.biz:1008

Mutex

DC_MUTEX-DSCVTSP

Attributes
  • gencode

    g901jEZ864Tb

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Targets

    • Target

      ffc476cc5de1540f3e0d41d4b87b66c9_JaffaCakes118

    • Size

      769KB

    • MD5

      ffc476cc5de1540f3e0d41d4b87b66c9

    • SHA1

      fd8891cd1474bad8defe4f99386cb505b7f8b577

    • SHA256

      cc0598c56a2723f4fb2d2d37fa29508fa7b14b28fa50e0eeac67b4102c9fd50d

    • SHA512

      0953fefc861cca9aa818079962990653815d93be50de058e50e1d5d668f2d3616679473aad677649401464882637b985d712ae5a8d3155f5993ed9cc93bc7f26

    • SSDEEP

      24576:LTvW/wxXSknYDkoR4HTaF1nP9tXGVnmpW:LTvW/wxTnYoTS1P6gpW

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Darkcomet family

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.