General

  • Target

    JaffaCakes118_20be02e2dca6e816b351cac4bd6fd5e7

  • Size

    735KB

  • Sample

    250223-ny1n2awlhy

  • MD5

    20be02e2dca6e816b351cac4bd6fd5e7

  • SHA1

    6c55cee0d4a8623292f3e78a148f608debc06f54

  • SHA256

    3567e8257e1f08cd869bfe768f499fd14f68142f2ef52671ea091e29a17db640

  • SHA512

    cd19062da3bf6c17bef27816c0e20de472b0199e6628ca7ffa639e476600bdec2520f228baef4eee2f6f76b56d550cfa68081067614aba9669d03b2c909b6500

  • SSDEEP

    12288:fYc2fDVmFAu+NSCq/ZoKkJH60EOW3e+3JCcFuHE/PfWrXitKmw5oeNI0PVL9kU/F:QcW1NzqBozOu+QYuHE/0oeNIO9kU/xVF

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

81.184.154.233:1604

Mutex

DC_MUTEX-F54S21D

Attributes
  • gencode

    tV+f#VWgBA�w

  • install

    false

  • offline_keylogger

    false

  • persistence

    false

rc4.plain

Extracted

Family

darkcomet

Attributes
  • gencode

  • install

    false

  • offline_keylogger

    false

  • persistence

    false

rc4.plain

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Darkcomet family

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks