General

  • Target

    JaffaCakes118_20cc1d87a95f7c4168b87e7528275ab1

  • Size

    1.6MB

  • Sample

    250223-n5x7gswmgv

  • MD5

    20cc1d87a95f7c4168b87e7528275ab1

  • SHA1

    d4d51666e5879d32bc4d9831a93799acb30f5df5

  • SHA256

    704976f44de6ca3c595387327bef12fe593cf908de0a70255bf06dc896644818

  • SHA512

    170e830418b297e14807ae0b0e7d29099751e122b2d48e52601b6eee7ba7d083940be0d9e512987786f2e6c0546e0e85d697226e130482708b2a7bd7dd0a66b6

  • SSDEEP

    24576:uX5hPA2aHl1EPlQzhRbkrf0Cx/9pk6H3Ty9+RyALSQseBoSQseBglubgKdlubgY:S5epFqNShRbuQ6XT0nMSe+SeG4sKd4sY

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

hack93120.no-ip.org:1024

Mutex

DC_MUTEX-F54S21D

Attributes
  • gencode

    oQ46#KS+JFqX

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

rc4.plain

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Darkcomet family

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks