Overview

overview

10

Static

static

3

JaffaCakes...a2.exe

windows7-x64

10

JaffaCakes...a2.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_6484d6d55d63972da7f153f8bf29d5a2

  • Size

    704KB

  • Sample

    250102-mteqbs1mfk

  • MD5

    6484d6d55d63972da7f153f8bf29d5a2

  • SHA1

    ea750a91c068060eccca47f5e0d4297c2b6e7f37

  • SHA256

    157bceedf7a6c74a1e5faa4499ad97b6ba5d2c313f9f05988b8fea7a88fab3bd

  • SHA512

    51559e864d79105693d4d76e7972c72312832fd8b506471c017e26953e85d90d7debb17fbf1dbf2322117da594e0fff772209d4ef82f1b0de59dde596b2a2721

  • SSDEEP

    12288:X8s1iYoclkrrLt9H/g7hTg9DrhUU4Ca/CPPyyMeSPjqm7Uk91:/doclkHL3MU9DrWyPaywPjx7N91

Score
10/10
darkcometguest16_mindiscoveryrattrojan

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16_min

C2

127.0.0.1:1604

Mutex

DCMIN_MUTEX-94CFTRX

Attributes
  • gencode

    lSV57sxHs0Gl

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Targets

    • Target

      JaffaCakes118_6484d6d55d63972da7f153f8bf29d5a2

    • Size

      704KB

    • MD5

      6484d6d55d63972da7f153f8bf29d5a2

    • SHA1

      ea750a91c068060eccca47f5e0d4297c2b6e7f37

    • SHA256

      157bceedf7a6c74a1e5faa4499ad97b6ba5d2c313f9f05988b8fea7a88fab3bd

    • SHA512

      51559e864d79105693d4d76e7972c72312832fd8b506471c017e26953e85d90d7debb17fbf1dbf2322117da594e0fff772209d4ef82f1b0de59dde596b2a2721

    • SSDEEP

      12288:X8s1iYoclkrrLt9H/g7hTg9DrhUU4Ca/CPPyyMeSPjqm7Uk91:/doclkHL3MU9DrWyPaywPjx7N91

    Score
    10/10
    darkcometguest16_mindiscoveryrattrojan

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

      trojanratdarkcomet

    • Darkcomet family

      darkcomet

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks