General

  • Target

    JaffaCakes118_1bf9a9492b9ac58b5d373a50d7246dc8

  • Size

    670KB

  • Sample

    250222-yxnyysxpfn

  • MD5

    1bf9a9492b9ac58b5d373a50d7246dc8

  • SHA1

    5243ff1715dc606f930523ebee4495fc0e1dc5db

  • SHA256

    6971dddc3354f715fc61c7e7d326283d706134f4329b01baa3310f27ac38d81b

  • SHA512

    1f71371c4bd2be2ed344d2ccf77af267c12691592ba3efc75ef44e2b9b59398ff39848f877b546ab7ffdb3776a6937c4972eca1c245687db2d11d687afc7b719

  • SSDEEP

    12288:O+z5fbEsE580WSBduc3AcVetVA3Mo8OY+ezt9CHFt9c:XN+qvCMc3LYt0COot9Cj9c

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

aylin.sytes.net:1604

Mutex

DC_MUTEX-31JYQDU

Attributes

  • gencode

    1VH7mslA0=Pm

  • install

    false

  • offline_keylogger

    false

  • persistence

    false

rc4.plain

Extracted

Family

darkcomet

Attributes

  • gencode

  • install

    false

  • offline_keylogger

    false

  • persistence

    false

rc4.plain

Targets

    • Target

      JaffaCakes118_1bf9a9492b9ac58b5d373a50d7246dc8

    • Size

      670KB

    • MD5

      1bf9a9492b9ac58b5d373a50d7246dc8

    • SHA1

      5243ff1715dc606f930523ebee4495fc0e1dc5db

    • SHA256

      6971dddc3354f715fc61c7e7d326283d706134f4329b01baa3310f27ac38d81b

    • SHA512

      1f71371c4bd2be2ed344d2ccf77af267c12691592ba3efc75ef44e2b9b59398ff39848f877b546ab7ffdb3776a6937c4972eca1c245687db2d11d687afc7b719

    • SSDEEP

      12288:O+z5fbEsE580WSBduc3AcVetVA3Mo8OY+ezt9CHFt9c:XN+qvCMc3LYt0COot9Cj9c

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Darkcomet family

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks