General

  • Target

    JaffaCakes118_45857bbffb891186037f68ce794caf14

  • Size

    401KB

  • Sample

    250303-hpzgqa1sez

  • MD5

    45857bbffb891186037f68ce794caf14

  • SHA1

    9f0266bb7603f1d538ca29a8ae926715c301a3db

  • SHA256

    365287de5b3d9ca8b23475a4fe6c693d0fe4562e33fd4d59ec7b57f3a175c2c3

  • SHA512

    6d4df272f741832958a57ba522f86c23b9b121dba1d772ebf38dd7e240bfc881fbf74ff100e9029bd72ffc0b32d44f55586e52b1aea18ce9b5c9d739d2250ece

  • SSDEEP

    12288:Ts3u96999999999999999999999999999D9999999O999999999999999999999B:w3u9699999999999999999999999999y

Malware Config

Extracted

  • Family

    darkcomet

  • Botnet

    Guest16

  • C2

    adriendk69.no-ip.org:1604

  • Mutex

    DC_MUTEX-418L84R

  • Attributes

    • gencode

      4JBkctSebjFN

    • install

      false

    • offline_keylogger

      true

    • persistence

      false

  • rc4.plain

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Darkcomet family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofencing check.

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
