General

  • Target

    5e8b261b2ab99f06e77bf0d88f0a3c55_JaffaCakes118

  • Size

    1.1MB

  • Sample

    240720-b25qya1apk

  • MD5

    5e8b261b2ab99f06e77bf0d88f0a3c55

  • SHA1

    cb4e97d9da4d7af8a00bf1aaa936c4386ad1810a

  • SHA256

    258a27f2673911f1eca57e5cc9dba3fe59aff1c1c5ce560657e33f7ede7e7814

  • SHA512

    75084fceeed6b1f4fa8da3cc9a045fea02c346463fdc83588cdef45020baec0675d17f7beec2dcdf082d536bac1e65091d00a3cc282662691d2763c62d1e9318

  • SSDEEP

    24576:0QngjbzyTN3kxvztTIlQgRE1VsozgTJ4m1FuX6ASxly3sh5:0QsKyxvZgmrlkTJ4+FuX9cz

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

m20sh9.no-ip.org:1515

Mutex

DC_MUTEX-F54S21D

Attributes
  • gencode

    HkfdS0LdKkgi

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Targets

    • Target

      5e8b261b2ab99f06e77bf0d88f0a3c55_JaffaCakes118

    • Size

      1.1MB

    • MD5

      5e8b261b2ab99f06e77bf0d88f0a3c55

    • SHA1

      cb4e97d9da4d7af8a00bf1aaa936c4386ad1810a

    • SHA256

      258a27f2673911f1eca57e5cc9dba3fe59aff1c1c5ce560657e33f7ede7e7814

    • SHA512

      75084fceeed6b1f4fa8da3cc9a045fea02c346463fdc83588cdef45020baec0675d17f7beec2dcdf082d536bac1e65091d00a3cc282662691d2763c62d1e9318

    • SSDEEP

      24576:0QngjbzyTN3kxvztTIlQgRE1VsozgTJ4m1FuX6ASxly3sh5:0QsKyxvZgmrlkTJ4+FuX9cz

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks