Overview

overview

10

Static

static

3

JaffaCakes...44.exe

windows7-x64

10

JaffaCakes...44.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_61387ffc9d5aedfc0b1ab844c282bb44

  • Size

    785KB

  • Sample

    250101-26skaazmb1

  • MD5

    61387ffc9d5aedfc0b1ab844c282bb44

  • SHA1

    fab0f591e99f828ed1df36eaac4c724a675cc944

  • SHA256

    1861560d5d43fea8c496e7a1463d67ca54904679173cf4ec8c6d0a3ff00551ab

  • SHA512

    a21f3593e34594aeadf87c2634f17efcf8cd33c742d38ea6e3a200709d172b628e0aad8dc4aefe29d621b32873093ea42cfd33e159b4597d94e56383c0a14738

  • SSDEEP

    12288:uYU1gHHpEvyXLFgcDC2su5YoWrWVYDEtTkN+2v9HWF82AN:os+yXuu5SrWViEJQDHWLAN

Score
10/10
darkcometjama3ydiscoveryrattrojan

Malware Config

Extracted

Family

darkcomet

Botnet

Jama3y

C2

dng.no-ip.biz:3989

Mutex

DC_MUTEX-1GER7M1

Attributes
  • gencode

    pw22WXnsxZPa

  • install

    false

  • offline_keylogger

    true

  • password

    36468549

  • persistence

    false

Targets

    • Target

      JaffaCakes118_61387ffc9d5aedfc0b1ab844c282bb44

    • Size

      785KB

    • MD5

      61387ffc9d5aedfc0b1ab844c282bb44

    • SHA1

      fab0f591e99f828ed1df36eaac4c724a675cc944

    • SHA256

      1861560d5d43fea8c496e7a1463d67ca54904679173cf4ec8c6d0a3ff00551ab

    • SHA512

      a21f3593e34594aeadf87c2634f17efcf8cd33c742d38ea6e3a200709d172b628e0aad8dc4aefe29d621b32873093ea42cfd33e159b4597d94e56383c0a14738

    • SSDEEP

      12288:uYU1gHHpEvyXLFgcDC2su5YoWrWVYDEtTkN+2v9HWF82AN:os+yXuu5SrWViEJQDHWLAN

    Score
    10/10
    darkcometjama3ydiscoveryrattrojan

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

      trojanratdarkcomet

    • Darkcomet family

      darkcomet

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks