General

  • Target

    76fea28420b8f95ebd8f92d49ea23b34_JaffaCakes118

  • Size

    236KB

  • Sample

    240727-ep8tlswgkp

  • MD5

    76fea28420b8f95ebd8f92d49ea23b34

  • SHA1

    8e36074e63a4cab1d75618463a1c63ffcd8581cb

  • SHA256

    04c1494cf3a15ada715f4867dc12788eb61b828d8fadd3d9d8b1e81d461a5b2d

  • SHA512

    33d344a659b9607d524ac0dba7e9a4239334d08840d4ec71e34c77d4248bf88bc91ee9c27cb26d319b00fb99b0e5e10e78e40481559b9f0581bcb97b9c281191

  • SSDEEP

    6144:dMMWJH007FoGoyy4LozdtSMxuzhXv67fRCwsp9WONUff6:sJH0NGoyz4uzpifRCwGWON

Malware Config

Extracted

Family

darkcomet

Botnet

sheepception

C2

thematrixx.zapto.org:1333

sheepception.zapto.org:1333

Mutex

DC_MUTEX-F54S21D

Attributes

  • InstallPath

    MSDCSC\msdcsc.exe

  • gencode

    fXfsZcmQgzoa

  • install

    true

  • offline_keylogger

    true

  • persistence

    true

  • reg_key

    MicroUpdate

Extracted

Family

latentbot

C2

sheepception.zapto.org

Targets

    • Target

      76fea28420b8f95ebd8f92d49ea23b34_JaffaCakes118

    • Size

      236KB

    • MD5

      76fea28420b8f95ebd8f92d49ea23b34

    • SHA1

      8e36074e63a4cab1d75618463a1c63ffcd8581cb

    • SHA256

      04c1494cf3a15ada715f4867dc12788eb61b828d8fadd3d9d8b1e81d461a5b2d

    • SHA512

      33d344a659b9607d524ac0dba7e9a4239334d08840d4ec71e34c77d4248bf88bc91ee9c27cb26d319b00fb99b0e5e10e78e40481559b9f0581bcb97b9c281191

    • SSDEEP

      6144:dMMWJH007FoGoyy4LozdtSMxuzhXv67fRCwsp9WONUff6:sJH0NGoyz4uzpifRCwGWON

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • LatentBot

      Modular trojan written in Delphi that has been in the wild since 2013.

    • Modifies WinLogon for persistence

    • Sets file to hidden

      Modifies file attributes so the file is hidden from Explorer and similar tools.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely to geofence execution.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks