General

  • Target

    JaffaCakes118_55af2c8c43ce9ce9149f1b253f9189da

  • Size

    801KB

  • Sample

    250306-klbbtsvkx4

  • MD5

    55af2c8c43ce9ce9149f1b253f9189da

  • SHA1

    21199b62099bea421b1808e59d8002b205e01185

  • SHA256

    5120f5b13e79e136a4220f7b0dff6dd291a2c82a82d94a24b95cb2e7658859f3

  • SHA512

    cd0f7854c1edf97b2ee218e8caeefb6e8e68354706d3b6710ea853a150f9e66d88a81bc28892e935d5ddacd8e4611d607b5dbed5d122a460f25bd9c5ff0438c8

  • SSDEEP

    12288:xJADyBxMh1c2xeeooLI8ypsmLMFWATGaZkmhS3ef/H:xeAxMzVNI8/GAqSVCenH

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

5.1.11.233:1604

Mutex

DC_MUTEX-F54S21D

Attributes

  • gencode

    i7CEtWv=03m=

  • install

    false

  • offline_keylogger

    false

  • persistence

    false

rc4.plain

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Darkcomet family

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Enterprise v15