General

  • Target

    68b36abd59d57c05917c304efebc919c_JaffaCakes118

  • Size

    1.2MB

  • Sample

    240723-ynmpjavcnk

  • MD5

    68b36abd59d57c05917c304efebc919c

  • SHA1

    b4543ed6389d2919fb090102de8156612d184731

  • SHA256

    6d3ee4c6084fcea2bfde1cf6e1849852d31915ac3d9e628981901f98ced46e79

  • SHA512

    e15d38c912d351ba19a6388878a0cc8361bef68ff1f923edcf437448063fa4d98537434d04b7ccb3dca8a8294864fa6dfd260fb0ad22033a24597e48fbad043d

  • SSDEEP

    24576:6vM71CgBp1xGRECkOj3crqxHrwm+Fw5z4kwlA/+IJJPYnjcpS0:V71lX1frer+OsVscZ

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

brhom.no-ip.org:1604

Mutex

DC_MUTEX-4SS8BBW

Attributes
  • InstallPath

    MSDCSC\msdcsc.exe

  • gencode

    5kyaXHSs4kx8

  • install

    true

  • offline_keylogger

    true

  • password

    0566699323

  • persistence

    false

  • reg_key

    MicroUpdate
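The fields above are what the sandbox recovered from the sample's embedded configuration. The following is an added example, not code from the report or from DarkComet: it shows how such a configuration is recovered and turned into IOCs. It assumes the publicly documented DarkComet 5.1 layout (an RC4-encrypted blob, stored as an ASCII hex string in an RCDATA resource, with the key "#KCMDDC51#-890") and the key names DarkComet uses in its plaintext config (MUTEX, SID, NETDATA, GENCODE, EDTPATH, KEYNAME, PWD, INSTALL, OFFLINEK, PERS). The encrypted sample resource is constructed inline from a plaintext that mirrors the values in this report; the HKCU Run path is an assumption, since the report does not say which hive the Run value lands in.

```python
"""Added example: decrypt and parse a DarkComet 5.x stored configuration.

Assumptions (not taken from the report): RC4 key "#KCMDDC51#-890" for
DarkComet 5.1, resource stored as an uppercase hex string, and the
KEY={value} line format used by DarkComet's config blob.
"""
from typing import Dict

DC51_KEY = b"#KCMDDC51#-890"  # assumed DarkComet 5.1 RC4 key

# Constructed plaintext config mirroring the fields this report extracted.
SAMPLE_CONFIG = r"""#BEGIN DARKCOMET DATA --
MUTEX={DC_MUTEX-4SS8BBW}
SID={Guest16}
FWB={0}
NETDATA={brhom.no-ip.org:1604}
GENCODE={5kyaXHSs4kx8}
INSTALL={1}
COMBOPATH={7}
EDTPATH={MSDCSC\msdcsc.exe}
KEYNAME={MicroUpdate}
PERSINST={0}
PERS={0}
OFFLINEK={1}
PWD={0566699323}
#EOF DARKCOMET DATA --
"""


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA + PRGA). The same call encrypts and decrypts."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


# Constructed "DCDATA" resource: RC4 ciphertext rendered as uppercase hex.
SAMPLE_RESOURCE = rc4(DC51_KEY, SAMPLE_CONFIG.encode("latin-1")).hex().upper()

# DarkComet config key -> field name used in this report.
FIELD_MAP = {"SID": "botnet", "NETDATA": "c2", "MUTEX": "mutex",
             "GENCODE": "gencode", "EDTPATH": "install_path",
             "KEYNAME": "reg_key", "PWD": "password"}
FLAG_MAP = {"INSTALL": "install", "OFFLINEK": "offline_keylogger",
            "PERS": "persistence"}


def decrypt_resource(raw_hex: str, key: bytes = DC51_KEY) -> str:
    """Hex-decode and RC4-decrypt a DCDATA resource into text."""
    return rc4(key, bytes.fromhex(raw_hex)).decode("latin-1")


def is_darkcomet_config(raw_hex: str, key: bytes = DC51_KEY) -> bool:
    """True only if the decrypted blob carries DarkComet's config banner."""
    return "#BEGIN DARKCOMET DATA" in decrypt_resource(raw_hex, key)


def parse_config(text: str) -> Dict[str, str]:
    """Parse KEY={value} lines; banner/EOF lines start with '#' and are skipped."""
    cfg: Dict[str, str] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, val = line.partition("=")
        cfg[key.strip()] = val.strip().strip("{}")
    return cfg


def extract_iocs(raw_hex: str, key: bytes = DC51_KEY) -> Dict[str, object]:
    """Decrypt, validate and normalise a config into the report's field names."""
    if not is_darkcomet_config(raw_hex, key):
        raise ValueError("not a DarkComet config, or wrong RC4 key")
    cfg = parse_config(decrypt_resource(raw_hex, key))
    out: Dict[str, object] = {FIELD_MAP[k]: v for k, v in cfg.items() if k in FIELD_MAP}
    out.update({FLAG_MAP[k]: cfg[k] == "1" for k in FLAG_MAP if k in cfg})
    host, _, port = str(out["c2"]).rpartition(":")
    out["c2_host"], out["c2_port"] = host, int(port)
    # Assumed HKCU; the report only says a Run key is added.
    out["run_value"] = ("HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\"
                        + str(out["reg_key"]))
    return out


if __name__ == "__main__":
    for k, v in extract_iocs(SAMPLE_RESOURCE).items():
        print(f"{k}: {v}")
```

Because the banner check runs before parsing, trying the wrong version key (older builds used different "#KCMDDC..." keys) fails cleanly instead of yielding a dictionary of garbage. The derived fields (C2 host and port, mutex name, Run value name and install path) are the ones to push into network, process and registry detections.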

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Modifies WinLogon for persistence

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment; checking for its registry keys is an anti-analysis technique.

    • Loads dropped DLL

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Adds Run key to start application

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15