General

  • Target

    81d7da6337a9a90de315daf0a9b58ec6_JaffaCakes118

  • Size

    952KB

  • Sample

    240801-1mh13axejq

  • MD5

    81d7da6337a9a90de315daf0a9b58ec6

  • SHA1

    10ca19ebef6e00c205b94594d75c78579f27c77f

  • SHA256

    bbe216179efc421544da9c7106a96fe38586a20307532895be55ffd053869f40

  • SHA512

    9197c4222cfb2af26543d31b21cde22426029b6eaa9a27c59cd289128233540e4f330447a0c8990f3c9235d2cbdf7503a8bd6c28a07441140c7d950fe965febc

  • SSDEEP

    24576:5xvY94DlNYwzezJdfkz91PHmM7+lzRAdiSdu9uyhq:HEK3CNkDGM72RiiyA

Malware Config

Extracted

  • Family

    darkcomet

  • Botnet

    Guest16

  • C2

    mrkxk.no-ip.info:4321

  • Mutex

    DC_MUTEX-Q9TKZAR

Attributes

  • gencode

    2fE0gqGHvbCn

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks