General

  • Target

    JaffaCakes118_883d243ebeb7842c7ede5bcc4ae1926b

  • Size

    703KB

  • Sample

    250323-3ehfnszsfx

  • MD5

    883d243ebeb7842c7ede5bcc4ae1926b

  • SHA1

    db529d12e8dba880365721539503aea82abe52a4

  • SHA256

    0ac80e003ddb4327be56f390db7b9a06e8ae0806c6ee00ad414d2b25d2637235

  • SHA512

    e675e4967e12a1531a5f51a93404512ac7bc73c2b1cf342c543ee039242795816742424862c9cfa00ba9b02e103fed2cb3e989e270b1d0ecded43d6727d65528

  • SSDEEP

    12288:HiE71I2/tNJQ2WKCqhRxcV9L0s7IcupNtn32t9/leggM4hNnneLB8:HiE7O2/bGiRxcVasRsNtG79eggMwNneL

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16_min

C2

68.63.132.222:1604

Mutex

DCMIN_MUTEX-WCAY38R

Attributes

  • gencode

    H22hZtBkVAkc

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

rc4.plain

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Darkcomet family

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15