General

  • Target

    JaffaCakes118_57e1c1e98c66da08b4807777c25645ec

  • Size

    882KB

  • Sample

    250306-28974sztaz

  • MD5

    57e1c1e98c66da08b4807777c25645ec

  • SHA1

    cd667dc65738ccaed78ea3639052a79a99932364

  • SHA256

    b7c1e300e454a413febe23384458d6821faa2503971479c9782f843d415a0581

  • SHA512

    8e459095e6635d77008b1f1c9acd583f4c88f4ac9c8e33d71525237a46abfede35fb7e740755a61bee428a2c295890e12473ebfe70a06bd555a5dfdb6cd2232e

  • SSDEEP

    24576:8LAsmbRbbtrZSDx8ob7nDI4MLitiYM1CW5:8EPVbBGbrs5mY

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

idontlikeyou.no-ip.biz:100

Mutex

DC_MUTEX-KSN3C24

Attributes
  • gencode

    MoKMBrjJF54r

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

rc4.plain

Extracted

Family

darkcomet

Attributes
  • gencode

  • install

    false

  • offline_keylogger

    false

  • persistence

    false

rc4.plain
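The two "Extracted" blocks above are the output of a config extractor that decrypts the RAT's embedded settings and maps them to the attribute names shown (botnet, C2, mutex, gencode, install, persistence, offline_keylogger). The script below is an added example of how that decoding works; it is not the sandbox's own extractor and was not taken from this sample. It assumes the DarkComet 5.x layout: an RC4-encrypted, hex-encoded key=value text stored in an RCDATA resource named DCDATA, keyed with the builder constant "#KCMDDC51#-890" plus an optional operator password, and the field names SID, NETDATA, MUTEX, GENCODE, INSTALL, PERSINST and OFFLINEK. The ciphertext blob is constructed here from the values the report lists so the script runs offline; it is not the real resource from the binary.

```python
"""Decode a DarkComet 5.x configuration blob into the attributes a report lists.

Added example, not the sandbox's extractor. Assumed DarkComet layout:
  - config text is RC4-encrypted, then hex-encoded, in the DCDATA resource
  - RC4 key = "#KCMDDC51#-890" + operator password (empty by default)
  - one "NAME={value}" per line, framed by "#..." marker lines
"""

DEFAULT_KEY_PREFIX = b"#KCMDDC51#-890"  # 5.1 builder constant; 5.0 used "#KCMDDC5#-890"

# Config field -> attribute name used in the report; flags are "1"/"0" in the config.
FIELD_MAP = {
    "SID": "botnet",
    "NETDATA": "c2",
    "MUTEX": "mutex",
    "GENCODE": "gencode",
    "INSTALL": "install",
    "PERSINST": "persistence",
    "OFFLINEK": "offline_keylogger",
}
FLAG_FIELDS = {"install", "persistence", "offline_keylogger"}


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA + PRGA). Encryption and decryption are the same operation."""
    S = list(range(256))
    j = 0
    for i in range(256):  # key-scheduling algorithm
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for byte in data:  # pseudo-random generation algorithm
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(byte ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def parse_config(text: str) -> dict:
    """Turn the decrypted 'NAME={value}' lines into a dict; skip '#' marker lines."""
    cfg = {}
    for line in text.splitlines():
        if line.startswith("#") or "=" not in line:
            continue
        name, value = line.split("=", 1)
        cfg[name.strip()] = value.strip().strip("{}")
    return cfg


def to_report_attributes(cfg: dict) -> dict:
    """Map raw config fields onto the report's attribute names and bool flags."""
    attrs = {}
    for field, name in FIELD_MAP.items():
        if field in cfg:
            attrs[name] = (cfg[field] == "1") if name in FLAG_FIELDS else cfg[field]
    return attrs


def decode_dcdata(hex_blob: str, password: bytes = b"") -> dict:
    """Hex-decode, RC4-decrypt with prefix+password, and parse a DCDATA blob.

    A wrong password yields garbage text, so none of the known field names
    appear and the returned dict is (effectively) empty: that is the check an
    extractor uses to decide whether the default key worked.
    """
    ciphertext = bytes.fromhex(hex_blob.strip())
    plain = rc4(DEFAULT_KEY_PREFIX + password, ciphertext)
    return to_report_attributes(parse_config(plain.decode("latin-1")))


# CONSTRUCTED sample: the report's values wrapped in the assumed config layout,
# then encrypted with the default key so the decoder has something to chew on.
SAMPLE_CONFIG = (
    b"#BEGIN DARKCOMET DATA --\r\n"
    b"MUTEX={DC_MUTEX-KSN3C24}\r\n"
    b"SID={Guest16}\r\n"
    b"NETDATA={idontlikeyou.no-ip.biz:100}\r\n"
    b"GENCODE={MoKMBrjJF54r}\r\n"
    b"INSTALL={0}\r\n"
    b"PERSINST={0}\r\n"
    b"OFFLINEK={1}\r\n"
    b"#EOF DARKCOMET DATA --\r\n"
)
SAMPLE_DCDATA = rc4(DEFAULT_KEY_PREFIX, SAMPLE_CONFIG).hex().upper()


if __name__ == "__main__":
    for name, value in decode_dcdata(SAMPLE_DCDATA).items():
        print(f"{name}: {value}")
```

On a real binary the hex string comes from the DCDATA RCDATA resource (pefile's resource tree will get you there); if the default prefix alone does not produce readable field names, the operator set a builder password and it has to be appended to the key, which is why extractors try the prefix first and report failure rather than emitting garbage.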

Targets

    • Target

      JaffaCakes118_57e1c1e98c66da08b4807777c25645ec

    • Size

      882KB

    • MD5

      57e1c1e98c66da08b4807777c25645ec

    • SHA1

      cd667dc65738ccaed78ea3639052a79a99932364

    • SHA256

      b7c1e300e454a413febe23384458d6821faa2503971479c9782f843d415a0581

    • SHA512

      8e459095e6635d77008b1f1c9acd583f4c88f4ac9c8e33d71525237a46abfede35fb7e740755a61bee428a2c295890e12473ebfe70a06bd555a5dfdb6cd2232e

    • SSDEEP

      24576:8LAsmbRbbtrZSDx8ob7nDI4MLitiYM1CW5:8EPVbBGbrs5mY

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Darkcomet family

    • Uses the VBS compiler for execution

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext
