General

  • Target

    JaffaCakes118_5582ed3cc6c7a96fb7614ded95a28470

  • Size

    649KB

  • Sample

    250306-jkxm1atky3

  • MD5

    5582ed3cc6c7a96fb7614ded95a28470

  • SHA1

    fa3f62f04ec13e54052c6b45e4a174c30de765f0

  • SHA256

    05f0501026709d3341ccae9ef6a76a21606cd1728c0ab9f755f18b95c1cae7c1

  • SHA512

    1645c19d5c49e29169f9abbcc4b0c19100ef446733b780dc0705f0bb1de591e4588fad64ad6565b9884f7e1ded3dac9b53fbd445bb6d1e69b35ed0f658a8287d

  • SSDEEP

    12288:7k0QVlhmPojAPTMEsUTg0oChO/Q2JbsbjPbN5qhRTtYe3f+Iw86k/9/+c:w0QRWoJEfg0oChGdJQbjPbNW5tYeP+Gp

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

str0.zapto.org:1604

Mutex

DC_MUTEX-F54S21D

Attributes

  • gencode

    ayqF6iYxCxwM

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

rc4.plain

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Darkcomet family

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks