General

  • Target

    JaffaCakes118_400f02ee7b1ac8c05d90143b54cee18b

  • Size

    349KB

  • Sample

    250302-n34lgstwfy

  • MD5

    400f02ee7b1ac8c05d90143b54cee18b

  • SHA1

    42fb4ad25a7d10b9fdcb3f22c07e8b250af38fb6

  • SHA256

    4b522403fe6aa6f5bd43ec09ef5077d877fde70a94c9b14bb140d95cb48318d7

  • SHA512

    e7730bfbf9d9d1812e375b27d565a9481a4f1ce63ea0c246f6f88a73653042e2a3c0a1e15f61397009a9e4901ed73003659831b16a5780db20a8fafdb1cf6b68

  • SSDEEP

    6144:YcNYS996KFifeVjBpeExgVTFSXFoMc5RhCaL37avA:YcW7KEZlPzCy37

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

rust3djv.no-ip.org:8888

Mutex

DC_MUTEX-4YESMFS

Attributes
  • gencode

    9yb1qGsBjW7n

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

rc4.plain

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Darkcomet family

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
