General

  • Target

    JaffaCakes118_5487e1ba2bfb752435898357e8540772

  • Size

    612KB

  • Sample

    250306-cnkdhsvxdv

  • MD5

    5487e1ba2bfb752435898357e8540772

  • SHA1

    763429db5179d155356cd69ff0ed73246ee75486

  • SHA256

    ca8b291207507cc94d56f4a8c73fac112e19f62839c29a39ca66c1d896349368

  • SHA512

    0773771580c592318793aa10d9469536e07f6a995dfc86c0091d37d6c39f960b0620db64afa37e5760facd3b968705cdd56231e713c0f86a12ab44fb0656377f

  • SSDEEP

    12288:eb1UB5CIw/9tf/yY0dclKCDiN/zU0u7Fw4MFgySRWVu:012Tw/vyRdSDiN/zUBw4MFgySUc

Malware Config

Extracted

Family

darkcomet

Attributes
  • gencode

  • install

    false

  • offline_keylogger

    false

  • persistence

    false

rc4.plain

Extracted

Family

darkcomet

Botnet

Guest16

C2

gribyassine.zapto.org:91

Mutex

DC_MUTEX-F54S21D

Attributes
  • InstallPath

    MSDCSC\msdcsc.exe

  • gencode

    Wrl$+vxjGy3u

  • install

    true

  • offline_keylogger

    true

  • persistence

    true

  • reg_key

    MicroUpdate

rc4.plain

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Darkcomet family

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks