General

  • Target

    5e73e742dff9f01a03a17e813347ceb4_JaffaCakes118

  • Size

    1.1MB

  • Sample

    240720-bjnppstakg

  • MD5

    5e73e742dff9f01a03a17e813347ceb4

  • SHA1

    1b70f145455c4cc008b922cf0b1845ac073f7b18

  • SHA256

    63fcc0fd7a9e678487ea99140b515b651ba764cb82fe6abbb75ef9b959cef15d

  • SHA512

    b29dfdae65b63e3c90da38648c07a597fd65cb753f486f33f177408a75b517d27a47047bff6c51e1e53eb8b557a1695fa8961598d6a6061e15d0ef89a734a649

  • SSDEEP

    24576:a4NEGIJYpSMAwWhC3VZe8Np9p1X5MAuUl:rFgMAwWhCL59p1+cl

Malware Config

Extracted

  • Family

    darkcomet

  • Botnet

    Guest16

  • C2

    alsarab9a.no-ip.org:8484

  • Mutex

    DC_MUTEX-WTXU9WC

Attributes
  • gencode

    tMMhmTDtfC6t

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext
