General

  • Target

    JaffaCakes118_c087ab223cc3224196e5b5a6fb37172a

  • Size

    1.4MB

  • Sample

    250419-a7l1cazsgv

  • MD5

    c087ab223cc3224196e5b5a6fb37172a

  • SHA1

    399a0f9f34dec32237f9aeb2e466321c1b837809

  • SHA256

    1feaf5b5f3f475bf4cf68e25ae97113285dd26e425567be27f6ee0a8a4c78fa7

  • SHA512

    bd7c0867f20b61f3da9a95c82a3a1f78b9babf44427a117670bf72b74498a4f2765129a210db2b053954de6c41bf7a1e39c9fb0ce0b54ebc539fff98aaa736c5

  • SSDEEP

    24576:O2cFE1Bi8cIhuTtRLona+KWN3bvfI90GpLLLN:sEK8fKgnTG9LLN

Malware Config

Extracted

Family

darkcomet

Botnet

ChromeCrypter

C2

dargstar.no-ip.biz:1337

Mutex

DC_MUTEX-NJH7D26

Attributes

  • gencode

    d9iWp3$Ypntd

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

rc4.plain

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Darkcomet family

    • Executes dropped EXE

    • Uses the VBS compiler for execution

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v16

Tasks