General

  • Target

    7f21fde877be1b7c23224ae5d8d96cae_JaffaCakes118

  • Size

    811KB

  • Sample

    240801-etw1lswbmd

  • MD5

    7f21fde877be1b7c23224ae5d8d96cae

  • SHA1

    341ff0dcb29963d2786005b78e2989353038aab0

  • SHA256

    f796639bdade2f187651908be00a29dfca3a6ee5654dc2bc1defc1a02e3123e0

  • SHA512

    60ed0e5b847a024a13f9ddabbb3ab38cf035c7df5da5f8f7b1e6779221da7cc9afca52144693031841ec8821f688061c950970b23f5b680e841e6c1c0b413c75

  • SSDEEP

    12288:aRI74YVALgQfYf8qxnSJndiTgSs0ipnwgypD6P8WZycDx0+u7zpgZRDo/:aRC4YVA8QEt5gCsTwD6Ulcu/uZRDo

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16_min

C2

sourisdagneau.zapto.org:1702

Mutex

DCMIN_MUTEX-PB8TK76

Attributes
  • gencode

    CLp9ijrAtWzK

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Extracted

Family

latentbot

C2

sourisdagneau.zapto.org

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • LatentBot

      Modular trojan written in Delphi that has been in the wild since 2013.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks