General

  • Target

    880b03ac5957cdf909b50a6516ff015b_JaffaCakes118

  • Size

    2.5MB

  • Sample

    240810-24zwksxcpe

  • MD5

    880b03ac5957cdf909b50a6516ff015b

  • SHA1

    58082d7d1601fd728c800c7ad075f27b71e1ec23

  • SHA256

    b535694854b8d5b129a358ea8a088c46c32b4922db7d4f1e7cb4af3d4259181c

  • SHA512

    604e2038c57eb3e3a172779b2d6dfc2114b038c4997938804dc8960c219e8171750b9e914625b075ab580bba9571179a3f4128b25772bc2f4e3c1f718f26d6fd

  • SSDEEP

    49152:4cPGd/uIKufYJr+VoLpmSJy0rTm9BPW+YTOdue1Wdv+r8YQ41X:4aGw+VoLpmSk0rslWhb46gQ+X

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

agmal.no-ip.org:1604

Mutex

DC_MUTEX-UZET8XQ

Attributes
  • InstallPath

    MSDCSC\msdcsc.exe

  • gencode

    QgvjjfxfTCCb

  • install

    true

  • offline_keylogger

    true

  • persistence

    true

  • reg_key

    crss

Targets

    • Target

      880b03ac5957cdf909b50a6516ff015b_JaffaCakes118

    • Size

      2.5MB

    • MD5

      880b03ac5957cdf909b50a6516ff015b

    • SHA1

      58082d7d1601fd728c800c7ad075f27b71e1ec23

    • SHA256

      b535694854b8d5b129a358ea8a088c46c32b4922db7d4f1e7cb4af3d4259181c

    • SHA512

      604e2038c57eb3e3a172779b2d6dfc2114b038c4997938804dc8960c219e8171750b9e914625b075ab580bba9571179a3f4128b25772bc2f4e3c1f718f26d6fd

    • SSDEEP

      49152:4cPGd/uIKufYJr+VoLpmSJy0rTm9BPW+YTOdue1Wdv+r8YQ41X:4aGw+VoLpmSk0rslWhb46gQ+X

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks