General

  • Target

    JaffaCakes118_57e1ec280fffc09227da1814d4ff8879

  • Size

    809KB

  • Sample

    250306-29eslazrt9

  • MD5

    57e1ec280fffc09227da1814d4ff8879

  • SHA1

    fb3b6c14e5d5f6a6b9e4a690e905878ad70e0d8a

  • SHA256

    d275b70db1bb24fd9a021648438ef24c1abab9c53623d2dd7cb2875e5d74b9b4

  • SHA512

    3d63b20f1f5fd98e41a1c780dbe6f567196c98878d333db44ab863e50557671dafe3a781dd5471d417f91aff041dcce1d7dfc63fd74a8144263553da8ca76b1c

  • SSDEEP

    12288:F499HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/h9:FuZ1xuVVjfFoynPaVBUR8f+kN10EBT

Malware Config

Extracted

Family

darkcomet

Attributes
  • gencode

  • install

    false

  • offline_keylogger

    false

  • persistence

    false

rc4.plain

Extracted

Family

darkcomet

Botnet

Guest16

C2

127.0.0.1:1604

Mutex

DC_MUTEX-C17PMA7

Attributes
  • InstallPath

    MSDCSC\msdcsc.exe

  • gencode

    UU4nMHM6fs0L

  • install

    true

  • offline_keylogger

    true

  • password

    1234

  • persistence

    false

  • reg_key

    MicroUpdate

rc4.plain

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Darkcomet family

    • Modifies WinLogon for persistence

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
