General

  • Target

    858e1b504d9ae8cc3bad80af4305ee7f_JaffaCakes118

  • Size

    321KB

  • Sample

    240810-k9bmhatdmp

  • MD5

    858e1b504d9ae8cc3bad80af4305ee7f

  • SHA1

    6a9164fe6e10cf12c3a126896f2dbc0ff7f868d2

  • SHA256

    9a63cd0f6551b74a9565eeb19925fb8b1e57b31e544647194c4d2d3213578df2

  • SHA512

    1fd0992ea7cb36a4e5a83822e0afe0031f0add9fe459cc1d2c78acd3cea22046c9a631b3521ec06bee7b29dcf4715147317eaa3dfadc045a95f3590180faa83d

  • SSDEEP

    6144:XmDUj24gqbrXJ9Q0ExNIoMARxx34ELdK70kyq1SAlECpOpZw:XqUj2LErXJG00NIovRHIod60U1SA2CpY

Malware Config

Extracted

Family

darkcomet

Botnet

ccc

C2

handsomehearteng.zapto.org:1604

Mutex

DC_MUTEX-CZYLWJF

Attributes

  • gencode

    nJUg47eKS3nw

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Extracted

Family

latentbot

C2

handsomehearteng.zapto.org

Targets

    • Target

      858e1b504d9ae8cc3bad80af4305ee7f_JaffaCakes118

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • LatentBot

      A modular trojan written in Delphi that has been in the wild since 2013.

MITRE ATT&CK Enterprise v15

Tasks