General

  • Target

    JaffaCakes118_4bf0cbf070ddb3cf2a271cf541a2ec90

  • Size

    498KB

  • Sample

    250304-h31lyavkv4

  • MD5

    4bf0cbf070ddb3cf2a271cf541a2ec90

  • SHA1

    599f0ec701c32bd75646f02bda47e6be4aae1fee

  • SHA256

    3f55f88f9cf392b202fb6f1397498c0b3fea167c8cf8dcb9b8ddc49cd9120083

  • SHA512

    d79aa326b68595a79a0777dc15fb38321c8870b85819a5946c8d641bbe2b1855be09d06e1b504359fe6cb9adf4c14d65bfc574823562af78c8ace06ac2e3cb7e

  • SSDEEP

    12288:AQGoikLgPhhkpKFb6eCjlHgzpqlFkbKrPiWyBI6nM8UmHw:RGxrhhZMHKi2ad8VnTUKw

Malware Config

Extracted

Family

darkcomet

Attributes

  • gencode

  • install

    false

  • offline_keylogger

    false

  • persistence

    false

rc4.plain

Extracted

Family

darkcomet

Botnet

Victiim

C2

anonymousxx.zapto.org:1604

Mutex

DC_MUTEX-AAVAH2M

Attributes

  • gencode

    eF9uQHDozKEW

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

rc4.plain

Extracted

Family

latentbot

C2

anonymousxx.zapto.org

Targets

    • Target

      JaffaCakes118_4bf0cbf070ddb3cf2a271cf541a2ec90

    • Size

      498KB

    • MD5

      4bf0cbf070ddb3cf2a271cf541a2ec90

    • SHA1

      599f0ec701c32bd75646f02bda47e6be4aae1fee

    • SHA256

      3f55f88f9cf392b202fb6f1397498c0b3fea167c8cf8dcb9b8ddc49cd9120083

    • SHA512

      d79aa326b68595a79a0777dc15fb38321c8870b85819a5946c8d641bbe2b1855be09d06e1b504359fe6cb9adf4c14d65bfc574823562af78c8ace06ac2e3cb7e

    • SSDEEP

      12288:AQGoikLgPhhkpKFb6eCjlHgzpqlFkbKrPiWyBI6nM8UmHw:RGxrhhZMHKi2ad8VnTUKw

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Darkcomet family

    • LatentBot

      Modular trojan written in Delphi which has been in the wild since 2013.

    • Latentbot family

    • Suspicious use of SetThreadContext
