General

  • Target

    JaffaCakes118_4e78e7193d7ce8b9ac79f01d0e1787f0

  • Size

    601KB

  • Sample

    250304-t4f5gavvgt

  • MD5

    4e78e7193d7ce8b9ac79f01d0e1787f0

  • SHA1

    92185f6b6294817844995ab766c886c1152a2848

  • SHA256

    1a290bfad5150aaad093fb4b1d3812470bb5f416f8701fa8019af87516b0573f

  • SHA512

    277caa36ddcb06dc2fdced32aaa11c18d9ca99cd0ea9d41379fda81bef21f8b454a0860ea6e84869b62454cdf21cd13ad651c916790dc022e7b7945ce575ea3b

  • SSDEEP

    12288:8VpkxMdC61S6tCaLFmN5xAzsjWqJLCWJyxzkAmRnI/fiP0DNCH6FFxMW1x2VpR:8VpkocLCvkApy8BCH6Hxu

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

127.0.0.1:1604

Mutex

DC_MUTEX-F54S21D

Attributes
  • gencode

  • install

    false

  • offline_keylogger

    false

  • persistence

    false

rc4.plain

Targets

    • Target

      JaffaCakes118_4e78e7193d7ce8b9ac79f01d0e1787f0

    • Size

      601KB

    • MD5

      4e78e7193d7ce8b9ac79f01d0e1787f0

    • SHA1

      92185f6b6294817844995ab766c886c1152a2848

    • SHA256

      1a290bfad5150aaad093fb4b1d3812470bb5f416f8701fa8019af87516b0573f

    • SHA512

      277caa36ddcb06dc2fdced32aaa11c18d9ca99cd0ea9d41379fda81bef21f8b454a0860ea6e84869b62454cdf21cd13ad651c916790dc022e7b7945ce575ea3b

    • SSDEEP

      12288:8VpkxMdC61S6tCaLFmN5xAzsjWqJLCWJyxzkAmRnI/fiP0DNCH6FFxMW1x2VpR:8VpkocLCvkApy8BCH6Hxu

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Darkcomet family

    • Drops file in Drivers directory

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks