General

  • Target

    6dda9f5d7b8f67fb71b550bbb8355792_JaffaCakes118

  • Size

    1.1MB

  • Sample

    240725-dctcqaxdkg

  • MD5

    6dda9f5d7b8f67fb71b550bbb8355792

  • SHA1

    9038bd72db95b4bc6f8c65753e93fa23f7c6e4b4

  • SHA256

    36d0f347d19ccdaffb41c32ca02a5a98aebfa7a18f8c6f7b2130198e8dd0e336

  • SHA512

    d31d635bb72042a508673bea44759eb0ee004d71d320c3688561ca6ac516a4bb1bdb9e37d28a972c87762eb412a4419f10920f7472d5c758cc36470d0987b1f0

  • SSDEEP

    24576:WqWI5cDWz5yBHuU+biiIXOxPg1tbj4baouQL:PNlyYfGiIk6tYeouQL

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

love88.no-ip.biz:1604

Mutex

DC_MUTEX-9SX27TM

Attributes
  • gencode

    iAeRJXlNcXbK

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Targets

    • Target

      6dda9f5d7b8f67fb71b550bbb8355792_JaffaCakes118

    • Size

      1.1MB

    • MD5

      6dda9f5d7b8f67fb71b550bbb8355792

    • SHA1

      9038bd72db95b4bc6f8c65753e93fa23f7c6e4b4

    • SHA256

      36d0f347d19ccdaffb41c32ca02a5a98aebfa7a18f8c6f7b2130198e8dd0e336

    • SHA512

      d31d635bb72042a508673bea44759eb0ee004d71d320c3688561ca6ac516a4bb1bdb9e37d28a972c87762eb412a4419f10920f7472d5c758cc36470d0987b1f0

    • SSDEEP

      24576:WqWI5cDWz5yBHuU+biiIXOxPg1tbj4baouQL:PNlyYfGiIk6tYeouQL

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks