General

  • Target

    JaffaCakes118_4b293f38171badea59d6f1fda9da1206

  • Size

    291KB

  • Sample

    250304-e6r77a1ly5

  • MD5

    4b293f38171badea59d6f1fda9da1206

  • SHA1

    d1f2c271ccfa6c9703eb29e8f0c794ad6e554013

  • SHA256

    25725bc4111abdfae35ab95c429a2e8de94b58a2a6183810fd75cd053d19d650

  • SHA512

    89c75b88bf93027072e543a850e50687310d94ee87124994bf703ba7ec4b3b3647951a6374e34fa4dd4c0675ab17d09cc8057988848b02880576d6e79a8be1ba

  • SSDEEP

    6144:LBJVqu5jxRl+t6Ge0qw0kw9+Ks9a8/7z6ln7l:LtqwjxRl+t6GfL7zc7l

Malware Config

Extracted

Family

darkcomet

Attributes
  • gencode

  • install

    false

  • offline_keylogger

    false

  • persistence

    false

rc4.plain

Extracted

Family

darkcomet

Botnet

Guest16

C2

127.0.0.1:1604

Mutex

DC_MUTEX-F54S21D

Attributes
  • gencode

    xXh3rZk7Wn4o

  • install

    false

  • offline_keylogger

    true

  • password

    0123456789

  • persistence

    false

rc4.plain

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Darkcomet family

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX variant.

MITRE ATT&CK Enterprise v15

Tasks