General

  • Target

    JaffaCakes118_41e98aa69a198f332c21b9305b52f894

  • Size

    1.4MB

  • Sample

    250302-w945la1vbt

  • MD5

    41e98aa69a198f332c21b9305b52f894

  • SHA1

    2e70f0aca3443a9d0189b7fddca1c55884a571fc

  • SHA256

    250b15a0977311d8328f545632f55bea0e84d40b6175440130de608f94beca7d

  • SHA512

    ac3a0a2a7795ddc8837c86b241ba44721a41a051a60bd8d9ccf0cf6e5c86777070a228555aafb3212c68e16e3d0634085770d76ac439f06782fb65cba08a13ad

  • SSDEEP

    24576:V3W5xgcy6liY3KLjQ3CdfQU0vJ+O/bDrgyS+glhOfQO5PTnK/cRgOnmq9g6BzAeQ:E5xgX6YMWM5JvUuEfVM5YcOU7m6u

Malware Config

Extracted

Family

darkcomet

Attributes
  • gencode

  • install

    false

  • offline_keylogger

    false

  • persistence

    false

rc4.plain

Extracted

Family

darkcomet

Botnet

Guest16

C2

khadi1.no-ip.biz:987

Mutex

DC_MUTEX-MEAL357

Attributes
  • gencode

    miWYMpE80PCG

  • install

    false

  • offline_keylogger

    true

  • password

    khadi123

  • persistence

    false

rc4.plain
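The fields above (C2, mutex, botnet ID, gencode, password and the three boolean flags) are what a DarkComet config decoder recovers from the stub's embedded configuration: each entry is an RC4-encrypted, hex-encoded NAME={VALUE} line, and the decryption key is a per-version static string. The decoder below is an added example written for this page, not code from the sandbox or from the DarkComet author. The static keys and the field names (NETDATA, MUTEX, SID, GENCODE, PWD, INSTALL, PERSINST, OFFLINEK) follow publicly documented decoders and are assumptions here; the input blob is constructed from the values this report extracted, not read from the sample itself.

```python
import binascii

# Static RC4 keys that public DarkComet config decoders associate with stub versions.
# Taken from that public documentation, not from this report: treat them as an
# assumption and verify against the sample's resource data before relying on them.
KNOWN_KEYS = {
    "5.1": b"#KCMDDC51#-890",
    "5.0": b"#KCMDDC5#-890",
    "4.2F": b"#KCMDDC42F#-890",
    "4.2": b"#KCMDDC42#-890",
    "4.x": b"#KCMDDC4#-890",
    "2.x": b"#KCMDDC2#-890",
}

# Config field names (as used by public decoders, an assumption here) mapped to the
# attribute names this report prints.
FIELD_MAP = {
    "NETDATA": "c2",
    "MUTEX": "mutex",
    "SID": "botnet",
    "GENCODE": "gencode",
    "PWD": "password",
    "INSTALL": "install",
    "PERSINST": "persistence",
    "OFFLINEK": "offline_keylogger",
}
BOOL_FIELDS = {"install", "persistence", "offline_keylogger"}


def rc4(key: bytes, data: bytes) -> bytes:
    """Textbook RC4 (KSA then PRGA). The same call encrypts and decrypts."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def parse_config(lines_hex, key):
    """Decrypt hex-encoded RC4 lines and collect the NAME={VALUE} fields we know."""
    cfg = {}
    for line in lines_hex:
        line = line.strip()
        if not line:
            continue
        try:
            plain = rc4(key, binascii.unhexlify(line)).decode("latin-1")
        except (binascii.Error, ValueError):
            continue  # not hex: skip the line rather than abort the whole config
        # A wrong key yields byte soup that will not fit the NAME={VALUE} shape.
        if "={" not in plain or not plain.endswith("}"):
            continue
        name, value = plain.split("={", 1)
        attr = FIELD_MAP.get(name)
        if attr is None:
            continue
        value = value[:-1]
        cfg[attr] = (value == "1") if attr in BOOL_FIELDS else value
    return cfg


def parse_config_any_version(lines_hex):
    """Try each known version key; return (version, config) for the first that parses."""
    for version, key in KNOWN_KEYS.items():
        cfg = parse_config(lines_hex, key)
        if cfg:
            return version, cfg
    return None, {}


def build_sample_blob(fields, key):
    """Constructed test input: hex(RC4(key, 'NAME={VALUE}')) per line, one field each."""
    return [binascii.hexlify(rc4(key, f"{n}={{{v}}}".encode("latin-1"))).decode().upper()
            for n, v in fields]


# Constructed fields using the values this report extracted (not the sample's real blob).
SAMPLE_FIELDS = [
    ("MUTEX", "DC_MUTEX-MEAL357"),
    ("SID", "Guest16"),
    ("NETDATA", "khadi1.no-ip.biz:987"),
    ("GENCODE", "miWYMpE80PCG"),
    ("PWD", "khadi123"),
    ("INSTALL", "0"),
    ("PERSINST", "0"),
    ("OFFLINEK", "1"),
]

if __name__ == "__main__":
    blob = build_sample_blob(SAMPLE_FIELDS, KNOWN_KEYS["5.1"])
    version, cfg = parse_config_any_version(blob)
    print("key version:", version)
    for k, v in cfg.items():
        print(f"  {k}: {v}")
```

The shape check ("={" present, trailing "}") is what makes trying every known key safe: a wrong key produces random bytes, so the loop simply falls through to the next version instead of emitting garbage fields. Against a real sample the lines come from the stub's resource section rather than from build_sample_blob.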

Targets

    • Target

      JaffaCakes118_41e98aa69a198f332c21b9305b52f894

    • Size

      1.4MB

    • MD5

      41e98aa69a198f332c21b9305b52f894

    • SHA1

      2e70f0aca3443a9d0189b7fddca1c55884a571fc

    • SHA256

      250b15a0977311d8328f545632f55bea0e84d40b6175440130de608f94beca7d

    • SHA512

      ac3a0a2a7795ddc8837c86b241ba44721a41a051a60bd8d9ccf0cf6e5c86777070a228555aafb3212c68e16e3d0634085770d76ac439f06782fb65cba08a13ad

    • SSDEEP

      24576:V3W5xgcy6liY3KLjQ3CdfQU0vJ+O/bDrgyS+glhOfQO5PTnK/cRgOnmq9g6BzAeQ:E5xgX6YMWM5JvUuEfVM5YcOU7m6u

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Darkcomet family

    • Modifies security service

    • Windows security bypass

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Windows security modification

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext
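The behavioural signatures listed above are the kind of rule a sandbox evaluates over the hooked-API trace of the sample. As an added example (not the sandbox's own rules and not code from this report), the script below runs four simplified versions of them over a constructed API trace: ThreadHideFromDebugger is the real ThreadInformationClass value 0x11, and HKCU\Software\Wine is the key Wine itself creates; the JSON-lines trace schema, the target_pid field on SetThreadContext, and the choice of the wscsvc Start value as the "security service" indicator are assumptions made for the example.

```python
import json

# ThreadInformationClass value for ThreadHideFromDebugger (17); setting it makes the
# thread invisible to an attached debugger. This value is from the Windows native API.
THREAD_HIDE_FROM_DEBUGGER = 0x11

# Hooked registry APIs grouped by effect (Win32 and native names).
REG_OPEN_APIS = {"RegOpenKeyExA", "RegOpenKeyExW", "RegOpenKeyA", "RegOpenKeyW",
                 "NtOpenKey", "NtOpenKeyEx"}
REG_WRITE_APIS = {"RegSetValueExA", "RegSetValueExW", "NtSetValueKey"}


def _subkey(args):
    """Normalize whichever argument carries the key path in this (constructed) trace schema."""
    raw = args.get("lpSubKey") or args.get("ObjectName") or ""
    return str(raw).replace("/", "\\").strip("\\").lower()


def classify_event(ev):
    """Return the names of the signatures a single API event satisfies."""
    api = ev.get("api", "")
    args = ev.get("args", {})
    names = []
    # 1. Anti-debug: NtSetInformationThread(ThreadHideFromDebugger) on any thread.
    if api == "NtSetInformationThread" and args.get("ThreadInformationClass") == THREAD_HIDE_FROM_DEBUGGER:
        names.append("Suspicious use of NtSetInformationThreadHideFromDebugger")
    # 2. Sandbox evasion: probing HKCU\Software\Wine, the key Wine creates for its own config.
    if api in REG_OPEN_APIS and _subkey(args).endswith("software\\wine"):
        names.append("Identifies Wine through registry keys")
    # 3. Injection: SetThreadContext on a thread owned by another process. This is tighter
    #    than "any SetThreadContext"; the target_pid field is part of the assumed schema.
    if api == "SetThreadContext" and args.get("target_pid") not in (None, ev.get("pid")):
        names.append("Suspicious use of SetThreadContext")
    # 4. Security service tampering: rewriting the Start type of wscsvc (Windows Security Center).
    if (api in REG_WRITE_APIS and _subkey(args).endswith("services\\wscsvc")
            and str(args.get("lpValueName", "")).lower() == "start"):
        names.append("Modifies security service")
    return names


def run_signatures(trace):
    """Map each fired signature name to the (pid, api) events that triggered it."""
    hits = {}
    for ev in trace:
        for name in classify_event(ev):
            hits.setdefault(name, []).append((ev.get("pid"), ev.get("api")))
    return hits


# Constructed trace in a minimal JSON-lines shape; not output from the sandbox behind this report.
SAMPLE_TRACE_JSONL = r"""
{"pid": 1234, "api": "RegOpenKeyExW", "args": {"hKey": "HKEY_CURRENT_USER", "lpSubKey": "Software\\Wine"}, "ret": 2}
{"pid": 1234, "api": "NtSetInformationThread", "args": {"ThreadHandle": "0xfffffffe", "ThreadInformationClass": 17}, "ret": 0}
{"pid": 1234, "api": "CreateProcessW", "args": {"lpApplicationName": "C:\\Windows\\System32\\svchost.exe", "dwCreationFlags": 4}, "ret": 1}
{"pid": 1234, "api": "SetThreadContext", "args": {"hThread": "0x1a4", "target_pid": 5678}, "ret": 1}
{"pid": 1234, "api": "RegSetValueExW", "args": {"hKey": "HKEY_LOCAL_MACHINE", "lpSubKey": "SYSTEM\\CurrentControlSet\\Services\\wscsvc", "lpValueName": "Start", "data": 4}, "ret": 0}
{"pid": 1234, "api": "RegOpenKeyExW", "args": {"hKey": "HKEY_CURRENT_USER", "lpSubKey": "Software\\Microsoft\\Windows\\CurrentVersion\\Run"}, "ret": 0}
"""


def load_trace(jsonl):
    """Parse one JSON object per non-empty line."""
    return [json.loads(line) for line in jsonl.splitlines() if line.strip()]


SAMPLE_TRACE = load_trace(SAMPLE_TRACE_JSONL)

if __name__ == "__main__":
    for name, events in run_signatures(SAMPLE_TRACE).items():
        print(f"{name}: {events}")
```

Note that the Wine probe fires even though the open fails (ret 2, file not found): the attempt itself is the evasion indicator, which is why the rule keys on the call and not on its result. The last event (a Run-key open) is deliberately benign and matches nothing.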

MITRE ATT&CK Enterprise v15

Tasks