General

  • Target

    986eb9bcb3d302e50d0f7d49c145873f_JaffaCakes118

  • Size

    939KB

  • Sample

    240815-bxgtbaseqp

  • MD5

    986eb9bcb3d302e50d0f7d49c145873f

  • SHA1

    ab36ae214c653d7bcb5031eda9ebbfbdafbb8b45

  • SHA256

    362afceca2f381a7da055c2abd638bb8e2286358a70279bbf6fdb79f90e60733

  • SHA512

    b7837266359f822bcaa0bd6f5868315d5b0756fe7005bc9ebb4ba70515c21bd2303a43ee3c23daf92b5d766fc254686422ec1ce000a3716861e35d29f29078b1

  • SSDEEP

    24576:qQ6NbCTaG2JH7/aK8Ll8DTwhqB0qPxWxWx2z:UCmG2JbSCTWWWYs

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

127.0.0.1:1604

Mutex

DC_MUTEX-J3YCHVQ

Attributes
  • gencode

    g6LYn1Rea157

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Targets

    • Target

      986eb9bcb3d302e50d0f7d49c145873f_JaffaCakes118

    • Size

      939KB

    • MD5

      986eb9bcb3d302e50d0f7d49c145873f

    • SHA1

      ab36ae214c653d7bcb5031eda9ebbfbdafbb8b45

    • SHA256

      362afceca2f381a7da055c2abd638bb8e2286358a70279bbf6fdb79f90e60733

    • SHA512

      b7837266359f822bcaa0bd6f5868315d5b0756fe7005bc9ebb4ba70515c21bd2303a43ee3c23daf92b5d766fc254686422ec1ce000a3716861e35d29f29078b1

    • SSDEEP

      24576:qQ6NbCTaG2JH7/aK8Ll8DTwhqB0qPxWxWx2z:UCmG2JbSCTWWWYs

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks