General

  • Target: JaffaCakes118_20746aab4343e0a87457d97e04a93d5c
  • Size: 684KB
  • Sample: 250223-m28y5swjt6
  • MD5: 20746aab4343e0a87457d97e04a93d5c
  • SHA1: 0f6d160d9aa0bbb6d27749af3ea459a9094f01e6
  • SHA256: 2c74c3f6ebc523b2e7d92cd5337c836e7ec9d59f39f1be4f7500f12a22fa0870
  • SHA512: 9cd36b13ff7c184aa8a5cc7a9c695be5494967b611915f9ea66dbdfba94f0a96735a73dd552c19e1b95016dfd15b28b05e4245f0e38b89b49d68f71063d3d9ef
  • SSDEEP: 12288:WG8xLD1dR6sVpdgzQIO0Ew+4ui35Y5AhyL/mkL5jD2pq1IkTuWwgqC:WhdP6seEIxEJ4ZQxGkT1n

Malware Config

Extracted

  • Family: darkcomet
  • Botnet: Guest16
  • C2: ernesc.no-ip.biz:4662
  • Mutex: DC_MUTEX-NJR4ZM2
  • Attributes
    • gencode: zYGLd1xpsEfX
    • install: false
    • offline_keylogger: true
    • password: h8you
    • persistence: false
  • rc4.plain

Extracted

  • Family: darkcomet
  • Attributes
    • gencode
    • install: false
    • offline_keylogger: false
    • persistence: false
  • rc4.plain

Targets

    • Target: JaffaCakes118_20746aab4343e0a87457d97e04a93d5c

    • Darkcomet: DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
    • Darkcomet family
    • Modifies firewall policy service
    • Suspicious use of SetThreadContext
