Overview

overview

10

Static

static

10

JaffaCakes...25.exe

windows7-x64

10

JaffaCakes...25.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_c5121ac67c74d1c1c0ca4cec70b50125

  • Size

    811KB

  • Sample

    250208-t415msvpcv

  • MD5

    c5121ac67c74d1c1c0ca4cec70b50125

  • SHA1

    f29eb3a6c17ac2f33cb2ddfcc2cc749e33ce5f4d

  • SHA256

    f506cd9ec1d9a8b4ef548106cbd0c73ce7203138de8becbf0488ddf1dd8e89d8

  • SHA512

    2e07e4a7c01e6efc8368f512eeeedf733ca13058c3ec9349df1e55a4970799be76bae468f06741053620da911bb7f5fde54a75cfa25f03a1b29432b305daa55e

  • SSDEEP

    12288:caAchpWs4DJIcynnC90levX4CuYf2D82T3s99+VHuNKQ:dAEEPDhynCylQgi63O9+VuN

Score
10/10
darkcometdc1discoveryrattrojan

Malware Config

Extracted

Family

darkcomet

Botnet

dc1

C2

rotakusip.no-ip.org:82

Mutex

DC_MUTEX-ACEZG4T

Attributes
  • InstallPath

    Windupdt\winupdate.exe

  • gencode

    PntJbN+CEEQq

  • install

    true

  • offline_keylogger

    true

  • persistence

    false

  • reg_key

    winupdater

rc4.plain

Targets

    • Target

      JaffaCakes118_c5121ac67c74d1c1c0ca4cec70b50125

    • Size

      811KB

    • MD5

      c5121ac67c74d1c1c0ca4cec70b50125

    • SHA1

      f29eb3a6c17ac2f33cb2ddfcc2cc749e33ce5f4d

    • SHA256

      f506cd9ec1d9a8b4ef548106cbd0c73ce7203138de8becbf0488ddf1dd8e89d8

    • SHA512

      2e07e4a7c01e6efc8368f512eeeedf733ca13058c3ec9349df1e55a4970799be76bae468f06741053620da911bb7f5fde54a75cfa25f03a1b29432b305daa55e

    • SSDEEP

      12288:caAchpWs4DJIcynnC90levX4CuYf2D82T3s99+VHuNKQ:dAEEPDhynCylQgi63O9+VuN

    Score
    10/10
    darkcometdc1discoveryrattrojan

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

      trojanratdarkcomet

    • Darkcomet family

      darkcomet

    • Downloads MZ/PE file

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks