General

  • Target

    67c14c452580742d2e8b8f84fcd37074_JaffaCakes118

  • Size

    1.3MB

  • Sample

    240723-qnjnwavfne

  • MD5

    67c14c452580742d2e8b8f84fcd37074

  • SHA1

    10dd9707393a240f63fb7236e5a02dd0b5c945f4

  • SHA256

    b71d389c468e13156244e85a3adb403571c96202088a57bd07e2c39421ecdab1

  • SHA512

    1993503c483881ac43c473543b45b600dade8d0be6363c81aa41599036e93df27c2d94361f2f78a2775da6f4ed8836e860f0c0041bcd3882075d6fc15cdb9d2d

  • SSDEEP

    24576:PoUjyf2D5VFBs+zcp0hdzEAPPf+BUTTRYm839Bva:PooyYBsx0hlEAP3+sB83e

Malware Config

Extracted

Family

darkcomet

Botnet

xwz

C2

kuider.dyndns-at-home.com:1604

Mutex

DC_MUTEX-B218V5W

Attributes
  • gencode

    9nEcALkkhAmM

  • install

    false

  • offline_keylogger

    true

  • persistence

    false
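The extracted config is the part of this report a detection engineer reuses: the C2 host and port, the mutex name and the file hashes are all directly huntable. The Python below is an added example, not part of the sandbox report or of any tool's output. It copies the C2, mutex and SHA256 from the report into a small matcher, runs it over constructed telemetry records (the event schema is made up for illustration, not a real EDR format), and recomputes the report's digests so the config is only trusted for a file whose hashes actually match. Port 1604 is DarkComet's default, and the `DC_MUTEX-` prefix is the family's default mutex naming, so both are used as broader patterns than this one sample.

```python
"""Added example: turn the extracted DarkComet config into IOCs and run
constructed telemetry through them. Not part of the sandbox report."""
import hashlib
import re

# Values copied from the report's Malware Config and hash list.
REPORT = {
    "family": "darkcomet",
    "c2": "kuider.dyndns-at-home.com:1604",
    "mutex": "DC_MUTEX-B218V5W",
    "sha256": "b71d389c468e13156244e85a3adb403571c96202088a57bd07e2c39421ecdab1",
}

# DarkComet builds name their mutex "DC_MUTEX-" plus a random token (7 chars in
# this sample), so the prefix is a broader hunt pattern than the exact value.
DC_MUTEX_RE = re.compile(r"^DC_MUTEX-[A-Z0-9]+$")


def parse_c2(c2: str) -> tuple[str, int]:
    """Split the report's 'host:port' C2 string; 1604 is DarkComet's default port."""
    host, sep, port = c2.rpartition(":")
    if not sep or not port.isdigit():
        return c2.lower(), 1604
    return host.lower(), int(port)


def match_event(event: dict) -> list[str]:
    """Return the IOC labels a single telemetry record matches.

    Record shapes (constructed for this example, not a real EDR schema):
      {"type": "mutex", "name": ...}
      {"type": "dns", "query": ...}
      {"type": "connect", "host": ..., "port": ...}
      {"type": "file", "sha256": ...}
    """
    host, port = parse_c2(REPORT["c2"])
    hits: list[str] = []
    kind = event.get("type")
    if kind == "mutex":
        name = event.get("name", "")
        if name == REPORT["mutex"]:
            hits.append("mutex:exact")
        elif DC_MUTEX_RE.match(name):
            hits.append("mutex:darkcomet-pattern")
    elif kind == "dns":
        # Match on the name, not a resolved IP: dyndns hosts re-point at will.
        if event.get("query", "").lower().rstrip(".") == host:
            hits.append("c2:dns")
    elif kind == "connect":
        if event.get("host", "").lower() == host and event.get("port") == port:
            hits.append("c2:connect")
    elif kind == "file":
        if event.get("sha256", "").lower() == REPORT["sha256"]:
            hits.append("file:sha256")
    return hits


def scan(events: list[dict]) -> list[tuple[int, list[str]]]:
    """Index/label pairs for every record that hit at least one IOC."""
    return [(i, h) for i, e in enumerate(events) if (h := match_event(e))]


def verify_sample(data: bytes, expected: dict[str, str]) -> dict[str, bool]:
    """Recompute the report's digests over the bytes actually in hand, so the
    extracted config is only trusted for the same file."""
    algos = {"md5": hashlib.md5, "sha1": hashlib.sha1,
             "sha256": hashlib.sha256, "sha512": hashlib.sha512}
    return {name: algos[name](data).hexdigest() == digest.lower()
            for name, digest in expected.items() if name in algos}


# Constructed telemetry: one true hit per IOC type plus benign noise.
SAMPLE_EVENTS = [
    {"type": "mutex", "name": "Global\\MsiExecuteLock"},
    {"type": "mutex", "name": "DC_MUTEX-B218V5W"},
    {"type": "dns", "query": "kuider.dyndns-at-home.com."},
    {"type": "connect", "host": "kuider.dyndns-at-home.com", "port": 443},
    {"type": "connect", "host": "KUIDER.dyndns-at-home.com", "port": 1604},
    {"type": "mutex", "name": "DC_MUTEX-7QK2Z9X"},
]

if __name__ == "__main__":
    for idx, labels in scan(SAMPLE_EVENTS):
        print(idx, SAMPLE_EVENTS[idx], labels)
```

Two caveats follow from the config itself. With install and persistence both false, this build is not expected to register itself for autostart, so a hunt that relies on DarkComet's usual Run-key or startup-folder artifacts would miss it; the mutex and the C2 name are the durable indicators here. And because the C2 is a dynamic DNS name, matching should be on the hostname (as above) rather than on whatever IP it resolved to during the sandbox run.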

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur (DarkCoderSc). The extracted config above gives this build's C2 host and port, its mutex, and its keylogger and install settings.

    • ModiLoader, DBatLoader

      ModiLoader (also tracked as DBatLoader) is a Delphi-written loader that abuses public cloud services to host and fetch the payloads of other malware families; in this sample the extracted config identifies that payload as DarkComet.

    • ModiLoader Second Stage

    • Executes dropped EXE

    • Loads dropped DLL
