General

  • Target

    832ba48b173a9e9b47be20ec969abc8f_JaffaCakes118

  • Size

    1.1MB

  • Sample

    240802-fx1nmsxglq

  • MD5

    832ba48b173a9e9b47be20ec969abc8f

  • SHA1

    0245f27ffbb0614f7e2cb74dd15a640831533173

  • SHA256

    3173db4450adccb8b91494e9d85112fbf3bcf5378d2c78aca0685053d6bac104

  • SHA512

    c7b8266ccaf73287c0af8024fffb3ba27c68800a3a4ff304deb1c50d6e814b91f860d1d609c32238c01a1ced7d2de03dc5aa43dcce509f32bc7ef177ff69589d

  • SSDEEP

    12288:IcF18NtKGVcGYBg5IZ8cGjjiZOHfaM2nmA+KECqPUPY6Cx0/VHFJvvBU+dA4Qgx:BFPdBg5fci/qxEBT2NvdAm

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

127.0.0.1:1604

Mutex

DC_MUTEX-46VFR27

Attributes
  • gencode

    5Ad9NjhAabCv

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Targets

    • Target

      832ba48b173a9e9b47be20ec969abc8f_JaffaCakes118

    • Size

      1.1MB

    • MD5

      832ba48b173a9e9b47be20ec969abc8f

    • SHA1

      0245f27ffbb0614f7e2cb74dd15a640831533173

    • SHA256

      3173db4450adccb8b91494e9d85112fbf3bcf5378d2c78aca0685053d6bac104

    • SHA512

      c7b8266ccaf73287c0af8024fffb3ba27c68800a3a4ff304deb1c50d6e814b91f860d1d609c32238c01a1ced7d2de03dc5aa43dcce509f32bc7ef177ff69589d

    • SSDEEP

      12288:IcF18NtKGVcGYBg5IZ8cGjjiZOHfaM2nmA+KECqPUPY6Cx0/VHFJvvBU+dA4Qgx:BFPdBg5fci/qxEBT2NvdAm

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks