General

  • Target

    JaffaCakes118_55189aea38555aad157fa7526a21e388

  • Size

    990KB

  • Sample

    250306-fw1x1szny8

  • MD5

    55189aea38555aad157fa7526a21e388

  • SHA1

    4ce2cde22e0250fbc2fc83cedcf11e7d3e4f2649

  • SHA256

    7429a89b53a1fb5e347bb517ce5076fd112f03fe7752f8a6584daeaa0b1a94c2

  • SHA512

    3b35bfd38f156c262e7131c502106eaa56a1cdf4b41f059494a170cbbb3fde9570fe950701c4b28bc102bde7eb230309d8cda51a53f3de67615fd68947c2e42e

  • SSDEEP

    24576:UCf0KXIYPxqLQL7wG9fkcfWCjpa8OYLLqW130DUd66sKaoQfkdmh:7f0KXIYxqLQLB+k4rCn1EDUk6sgQfym

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

204.152.219.119:1604

Mutex

DC_MUTEX-U4PYZE0

Attributes
  • gencode

    dhhUre6cVBAX

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

rc4.plain

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Darkcomet family

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks