General

  • Target

    8765a5e1f007f0063ab6d1f55a986fe8_JaffaCakes118

  • Size

    1.5MB

  • Sample

    240810-ydwjpavcnn

  • MD5

    8765a5e1f007f0063ab6d1f55a986fe8

  • SHA1

    0df249f5c7d9e6bb91c73a8fd7651d186571b97c

  • SHA256

    df11a1c9b0f856c56cde814e93905525b87b81ad089fee0e5f8ac685fd582fba

  • SHA512

    4eb5ca1663b452f80062df5a5f91630d3c7def41c334118d1b4a4862ad642fb3d7960f56b32082ff5fbff2b78a9fbc11961b949c4f1e765a144fa4f959658038

  • SSDEEP

    24576:6MKL7S6ZU6+7oiXkgPDBfvWuljngt1ZNmPDPe9NrR2Df8oasV7qwMpELbQIplqVT:6pL7SVRciXFteuljuZMPavrRytaIqzuR

Malware Config

Extracted

Family

darkcomet

Botnet

aaaa608

C2

handsomehearteng.zapto.org:1608

Mutex

DC_MUTEX-WPKUFHB

Attributes
  • InstallPath

    MSDCSC\msdcsc.exe

  • gencode

    nlbQUbAhW2Ce

  • install

    true

  • offline_keylogger

    false

  • password

    123456

  • persistence

    false

  • reg_key

    MicroUpdate

Extracted

Family

latentbot

C2

handsomehearteng.zapto.org
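
The attributes above (mutex, C2, gencode, install flags, password) are the fields DarkComet stores in its embedded configuration. The following Python block is an added example, not code from the report or from the DarkComet author: it implements the RC4 decryption and `KEY={VALUE}` parsing a config extractor performs, then maps DarkComet's own field names (MUTEX, NETDATA, SID, GENCODE, INSTALL, EDTPATH, KEYNAME, PERSINST, OFFLINEK, PWD) onto the names used in this report. The RC4 key prefix `#KCMDDC51#-890`, the line layout and the field mapping are assumptions about 5.x builds; the hex blob it decrypts is constructed here from the values listed above, not taken from the sample's own resource section.

```python
import binascii

# Assumption: RC4 key used for DarkComet 5.1 config blobs. Other builds use other
# prefixes, so a real extractor tries several and keeps the one that yields KEY={...} lines.
DC51_KEY = b"#KCMDDC51#-890"

# Assumption: mapping from DarkComet's config field names to this report's attribute names.
FIELD_MAP = {
    "MUTEX": "mutex",
    "NETDATA": "c2",
    "SID": "botnet",
    "GENCODE": "gencode",
    "INSTALL": "install",
    "EDTPATH": "InstallPath",
    "KEYNAME": "reg_key",
    "PERSINST": "persistence",
    "OFFLINEK": "offline_keylogger",
    "PWD": "password",
}
BOOL_FIELDS = {"install", "persistence", "offline_keylogger"}


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA + PRGA); encryption and decryption are the same operation."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def parse_config(plaintext: bytes) -> dict:
    """Turn decrypted KEY={VALUE} lines into the attribute names used in the report."""
    cfg = {}
    for line in plaintext.decode("latin-1").splitlines():
        if "=" not in line:
            continue
        key, _, value = line.partition("=")
        value = value.strip()
        if value.startswith("{") and value.endswith("}"):
            value = value[1:-1]
        name = FIELD_MAP.get(key.strip())
        if name is None:
            continue  # unmapped field, e.g. FWB or COMBOPATH; ignore for this report
        cfg[name] = (value == "1") if name in BOOL_FIELDS else value
    return cfg


def decrypt_config(hex_blob: str, key: bytes = DC51_KEY) -> dict:
    """Hex-decode a DCDATA-style blob, RC4-decrypt it, and parse the fields."""
    return parse_config(rc4(key, binascii.unhexlify(hex_blob)))


# Constructed sample: the report's values re-encoded the way an embedded config would
# carry them. This is NOT the blob from the analysed binary.
_PLAIN = (
    b"MUTEX={DC_MUTEX-WPKUFHB}\r\n"
    b"SID={aaaa608}\r\n"
    b"NETDATA={handsomehearteng.zapto.org:1608}\r\n"
    b"GENCODE={nlbQUbAhW2Ce}\r\n"
    b"INSTALL={1}\r\n"
    b"EDTPATH={MSDCSC\\msdcsc.exe}\r\n"
    b"KEYNAME={MicroUpdate}\r\n"
    b"PERSINST={0}\r\n"
    b"OFFLINEK={0}\r\n"
    b"PWD={123456}\r\n"
)
SAMPLE_HEX = binascii.hexlify(rc4(DC51_KEY, _PLAIN)).decode()

if __name__ == "__main__":
    for name, value in decrypt_config(SAMPLE_HEX).items():
        print(f"{name}: {value}")
```

Because RC4 gives no integrity check, a wrong key does not fail loudly; it yields garbage that simply contains no `KEY={VALUE}` lines. A practical extractor therefore validates the result (for example, requires a MUTEX field starting with `DC_MUTEX-`) before trusting it, rather than assuming the first key it tries was right.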

Targets

    • Target

      8765a5e1f007f0063ab6d1f55a986fe8_JaffaCakes118

    • Size

      1.5MB

    • MD5

      8765a5e1f007f0063ab6d1f55a986fe8

    • SHA1

      0df249f5c7d9e6bb91c73a8fd7651d186571b97c

    • SHA256

      df11a1c9b0f856c56cde814e93905525b87b81ad089fee0e5f8ac685fd582fba

    • SHA512

      4eb5ca1663b452f80062df5a5f91630d3c7def41c334118d1b4a4862ad642fb3d7960f56b32082ff5fbff2b78a9fbc11961b949c4f1e765a144fa4f959658038

    • SSDEEP

      24576:6MKL7S6ZU6+7oiXkgPDBfvWuljngt1ZNmPDPe9NrR2Df8oasV7qwMpELbQIplqVT:6pL7SVRciXFteuljuZMPavrRytaIqzuR

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • LatentBot

      Modular trojan written in Delphi that has been in the wild since 2013.

    • Modifies WinLogon for persistence

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
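
The two persistence signatures above (Winlogon modification and a Run key) can be checked on a suspect host from a registry export. The following Python block is an added example, not part of this report: it flags any entry appended to the Winlogon `Userinit` or `Shell` values beyond the Windows defaults, and any Run value whose name matches the report's `reg_key` or whose command references the report's `InstallPath`. The default Winlogon values and the registry snapshot it runs over are constructed for the example; the file paths under `C:\Users\victim` are assumptions, not paths observed in the sandbox.

```python
# Assumption: stock Winlogon values on a 64-bit Windows client. Anything beyond these,
# comma-separated, is an extra program started at logon.
DEFAULT_USERINIT = r"c:\windows\system32\userinit.exe"
DEFAULT_SHELL = "explorer.exe"


def _split_list(value: str) -> list:
    """Split a comma-separated Winlogon value, dropping quotes, blanks and case."""
    return [p.strip().strip('"').lower() for p in value.split(",") if p.strip()]


def check_winlogon(winlogon: dict) -> list:
    """Return (value name, entry) pairs for non-default Userinit/Shell entries."""
    findings = []
    for entry in _split_list(winlogon.get("Userinit", DEFAULT_USERINIT)):
        if entry != DEFAULT_USERINIT:
            findings.append(("Winlogon\\Userinit", entry))
    for entry in _split_list(winlogon.get("Shell", DEFAULT_SHELL)):
        if entry != DEFAULT_SHELL:
            findings.append(("Winlogon\\Shell", entry))
    return findings


def check_run_keys(run_values: dict,
                   reg_key: str = "MicroUpdate",
                   install_path: str = "MSDCSC\\msdcsc.exe") -> list:
    """Return (value name, command) pairs matching the report's Run-key indicators."""
    findings = []
    for name, command in run_values.items():
        if name.lower() == reg_key.lower() or install_path.lower() in command.lower():
            findings.append((name, command))
    return findings


def triage(snapshot: dict) -> dict:
    """Run both checks over a {'winlogon': {...}, 'run': {...}} registry snapshot."""
    return {
        "winlogon": check_winlogon(snapshot.get("winlogon", {})),
        "run": check_run_keys(snapshot.get("run", {})),
    }


# Constructed snapshot of the relevant registry values on a hypothetical infected host.
SNAPSHOT = {
    "winlogon": {
        "Userinit": r"C:\Windows\system32\userinit.exe,"
                    r"C:\Users\victim\Documents\MSDCSC\msdcsc.exe,",
        "Shell": "explorer.exe",
    },
    "run": {
        "OneDrive": r"C:\Users\victim\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background",
        "MicroUpdate": r"C:\Users\victim\Documents\MSDCSC\msdcsc.exe",
    },
}

if __name__ == "__main__":
    for area, hits in triage(SNAPSHOT).items():
        for hit in hits:
            print(f"[{area}] {hit[0]} -> {hit[1]}")
```

The Winlogon check compares against defaults rather than searching for a known string, so it also catches a build of the same family configured with a different install path; the Run-key check is indicator-driven and will miss such a variant unless `reg_key` and `install_path` are updated from the new config.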

MITRE ATT&CK Enterprise v15

Tasks