General

  • Target

    JaffaCakes118_42db693873e90e804ea9bcbc7e92b6e5

  • Size

    1.2MB

  • Sample

    250302-1vyfqawxfy

  • MD5

    42db693873e90e804ea9bcbc7e92b6e5

  • SHA1

    22cb387a52f784a0ac8e2912ba4940d387258ead

  • SHA256

    96e12a4802f39174e4d4a69a3f1c8a728d10e17dee86f53cc9d8c8f04ae18ccc

  • SHA512

    d69c6ff4032bcc8f99c470ad065443d53752bdde215eeac36ce08d4db379570359fde6c7b2e4e42edd8ea662442df6f4e710ce2f48fb048f572ac33a82074d59

  • SSDEEP

    24576:kxldkEzqWNbmLGDyTtzawCKkP+aN38UHrZC:kjXuWyecQwTi+wLHrZ

Malware Config

Extracted

Family

darkcomet

Attributes
  • gencode

  • install

    false

  • offline_keylogger

    false

  • persistence

    false

rc4.plain

Extracted

Family

darkcomet

Botnet

Guest16

C2

dc531.no-ip.biz:1604

Mutex

DC_MUTEX-4CUBAHY

Attributes
  • gencode

    dRQbfGal#7=i

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

rc4.plain

Targets

    • Target

      JaffaCakes118_42db693873e90e804ea9bcbc7e92b6e5

    • Size

      1.2MB

    • MD5

      42db693873e90e804ea9bcbc7e92b6e5

    • SHA1

      22cb387a52f784a0ac8e2912ba4940d387258ead

    • SHA256

      96e12a4802f39174e4d4a69a3f1c8a728d10e17dee86f53cc9d8c8f04ae18ccc

    • SHA512

      d69c6ff4032bcc8f99c470ad065443d53752bdde215eeac36ce08d4db379570359fde6c7b2e4e42edd8ea662442df6f4e710ce2f48fb048f572ac33a82074d59

    • SSDEEP

      24576:kxldkEzqWNbmLGDyTtzawCKkP+aN38UHrZC:kjXuWyecQwTi+wLHrZ

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Darkcomet family

    • Windows security bypass

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

    • Uses the VBS compiler for execution

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks