General

  • Target

    92c2cdc4c51b7dd0aff671bce756da82_JaffaCakes118

  • Size

    1.2MB

  • Sample

    240813-mzjw8szajd

  • MD5

    92c2cdc4c51b7dd0aff671bce756da82

  • SHA1

    c114dc4ff949815321d6f7e9128ab6166ef6f8c0

  • SHA256

    c8de43e26f714e30f65860b7b2ccc29b59a807a1d170d94456a3fe70d7117ddc

  • SHA512

    8f47a8df5e7fcd8aa3dfaef31a72bb93aa1c3b295e17430f43462e8f8466ea6fa811504713da21c83d3474694fe91d83956f9ca744f21aef46df4bbc3c082320

  • SSDEEP

    24576:UglzELk2U1zQ1bjM59MjDLsSIQgmrGtq/vZLqcj7mKsD0QZh9u:UIH28z0j0MLs/QrT3

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

zakariaelagha.no-ip.biz:1604

Mutex

DC_MUTEX-F54S21D

Attributes
  • gencode

    epMu79A5QmxD

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Targets

    • Target

      92c2cdc4c51b7dd0aff671bce756da82_JaffaCakes118

    • Size

      1.2MB

    • MD5

      92c2cdc4c51b7dd0aff671bce756da82

    • SHA1

      c114dc4ff949815321d6f7e9128ab6166ef6f8c0

    • SHA256

      c8de43e26f714e30f65860b7b2ccc29b59a807a1d170d94456a3fe70d7117ddc

    • SHA512

      8f47a8df5e7fcd8aa3dfaef31a72bb93aa1c3b295e17430f43462e8f8466ea6fa811504713da21c83d3474694fe91d83956f9ca744f21aef46df4bbc3c082320

    • SSDEEP

      24576:UglzELk2U1zQ1bjM59MjDLsSIQgmrGtq/vZLqcj7mKsD0QZh9u:UIH28z0j0MLs/QrT3

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks