General

  • Target

    9a7aa5fa464caf285e446b2a1106aa7c_JaffaCakes118

  • Size

    775KB

  • Sample

    240815-sbce5sxelb

  • MD5

    9a7aa5fa464caf285e446b2a1106aa7c

  • SHA1

    b2916e64d226fe5fb59517cf6bf82d135f34bfe1

  • SHA256

    fb0f3e1ef821321f65e80f723df25219420c3de43afe3c7648b180b95b8572c0

  • SHA512

    1ce6c588c537e2cca4358a69e8f00a2e07bd76f6e49dbb8b2f75a726645fb17fa9eea3a2ec6378214af6af2d52b43d62b719963a618022cc830b6cda859e7a5a

  • SSDEEP

    24576:j8vpUxEfCEWTh5YfB9ElFmKfydKMzX5CHwhb2v:j8BEEqE8hG0mKKdjMQ8v

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Extracted

Family

darkcomet

Botnet

Guest16

C2

mikikee101.no-ip.biz:1604

Mutex

DC_MUTEX-9Z0XS1J

Attributes

  • gencode

    X5EiMd4aymlG

  • install

    false

  • offline_keylogger

    true

  • persistence

    false
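The indicators above are what a responder would hunt for. The following script is an added example, not part of the sandbox report: it loads the Sality C2 URLs, the DarkComet host:port and the DarkComet mutex from this page and checks them against constructed proxy, DNS and connection log lines and a constructed list of handle names. The log format and every record in it are made up for the example. Because the DarkComet C2 is a dynamic-DNS hostname (no-ip.biz), the IP it resolved to at detonation time is not on this page, so the script does not match on an IP for that family; it flags a connection to port 1604 only from a client that has just looked up the C2 hostname.

```python
"""Match the C2 indicators from this report against constructed log records."""
import re
from urllib.parse import urlsplit

# Indicators copied from the report's "Malware Config" section.
SALITY_C2_URLS = [
    "http://89.119.67.154/testo5/",
    "http://kukutrustnet777.info/home.gif",
    "http://kukutrustnet888.info/home.gif",
    "http://kukutrustnet987.info/home.gif",
    "http://www.klkjwre9fqwieluoi.info/",
    "http://kukutrustnet777888.info/",
]
DARKCOMET_C2 = "mikikee101.no-ip.biz:1604"
DARKCOMET_MUTEX = "DC_MUTEX-9Z0XS1J"

# Constructed log lines (not from the sandbox run). Three record shapes:
#   <ts> <client> "<METHOD> <url>" <status>      proxy access
#   <ts> <client> query <qname>                  DNS lookup
#   <ts> <client> connect <dst>:<port>           outbound TCP connection
CONSTRUCTED_LOGS = """\
2024-08-15T10:01:02Z 10.0.0.7 "GET http://kukutrustnet777.info/home.gif" 200
2024-08-15T10:01:03Z 10.0.0.7 "GET http://example.com/index.html" 200
2024-08-15T10:01:05Z 10.0.0.7 query mikikee101.no-ip.biz.
2024-08-15T10:01:05Z 10.0.0.9 query www.klkjwre9fqwieluoi.info
2024-08-15T10:01:06Z 10.0.0.7 connect 203.0.113.5:1604
2024-08-15T10:01:07Z 10.0.0.7 "GET http://89.119.67.154/testo5/" 404
2024-08-15T10:01:08Z 10.0.0.9 connect 198.51.100.4:443
"""

PROXY_RE = re.compile(r'^(?P<ts>\S+) (?P<client>\S+) "(?P<method>[A-Z]+) (?P<url>\S+)" (?P<status>\d{3})$')
DNS_RE = re.compile(r'^(?P<ts>\S+) (?P<client>\S+) query (?P<qname>\S+)$')
CONN_RE = re.compile(r'^(?P<ts>\S+) (?P<client>\S+) connect (?P<dst>[^:]+):(?P<port>\d+)$')


def indicator_set(urls, c2_hostport):
    """Reduce the C2 URLs to bare hosts/IPs and split the RAT C2 into (host, port)."""
    hosts = {urlsplit(u).hostname.lower() for u in urls}
    host, port = c2_hostport.rsplit(":", 1)
    hosts.add(host.lower())
    return hosts, (host.lower(), int(port))


def scan_logs(text, urls=SALITY_C2_URLS, c2=DARKCOMET_C2):
    """Return (client, reason, indicator) hits for every log line that touches a C2."""
    hosts, (c2_host, c2_port) = indicator_set(urls, c2)
    resolved_c2 = set()  # clients that looked up the DarkComet hostname
    hits = []
    for line in text.splitlines():
        m = PROXY_RE.match(line)
        if m:
            h = (urlsplit(m["url"]).hostname or "").lower()
            if h in hosts:
                hits.append((m["client"], "sality_c2_http", h))
            continue
        m = DNS_RE.match(line)
        if m:
            q = m["qname"].rstrip(".").lower()  # strip the trailing root dot
            if q == c2_host:
                hits.append((m["client"], "darkcomet_c2_dns", q))
                resolved_c2.add(m["client"])
            elif q in hosts:
                hits.append((m["client"], "sality_c2_dns", q))
            continue
        m = CONN_RE.match(line)
        if m:
            if m["dst"].lower() in hosts:  # IP-literal C2 such as 89.119.67.154
                hits.append((m["client"], "c2_connect", m["dst"]))
            elif int(m["port"]) == c2_port and m["client"] in resolved_c2:
                # Dynamic-DNS C2: correlate the port with the preceding lookup.
                hits.append((m["client"], "darkcomet_c2_port_after_dns", m["dst"] + ":" + m["port"]))
    return hits


def mutex_hits(handle_names, mutex=DARKCOMET_MUTEX):
    """Return handle names whose leaf equals the extracted mutex. DC_MUTEX- is the
    DarkComet default prefix; the suffix is per build, so match the full name."""
    return [n for n in handle_names if n.split("\\")[-1] == mutex]


if __name__ == "__main__":
    for hit in scan_logs(CONSTRUCTED_LOGS):
        print("C2 hit:", hit)
    # Constructed handle list in the shape of a Windows named-object path.
    handles = [r"\Sessions\1\BaseNamedObjects\DC_MUTEX-9Z0XS1J", r"\BaseNamedObjects\Local\ZonesCounterMutex"]
    print("Mutex hits:", mutex_hits(handles))
```

The mutex check is the cheaper host-side pivot: a live DarkComet instance holds that exact named object, so enumerating named objects (or checking a memory image) for it confirms the family even when the no-ip.biz name has since moved.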

Targets

    • Target

      9a7aa5fa464caf285e446b2a1106aa7c_JaffaCakes118

    • Size

      775KB

    • MD5

      9a7aa5fa464caf285e446b2a1106aa7c

    • SHA1

      b2916e64d226fe5fb59517cf6bf82d135f34bfe1

    • SHA256

      fb0f3e1ef821321f65e80f723df25219420c3de43afe3c7648b180b95b8572c0

    • SHA512

      1ce6c588c537e2cca4358a69e8f00a2e07bd76f6e49dbb8b2f75a726645fb17fa9eea3a2ec6378214af6af2d52b43d62b719963a618022cc830b6cda859e7a5a

    • SSDEEP

      24576:j8vpUxEfCEWTh5YfB9ElFmKfydKMzX5CHwhb2v:j8BEEqE8hG0mKKdjMQ8v

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Modifies firewall policy service

    • Sality

      Sality is a backdoor written in C++, first discovered in 2003; it spreads as a polymorphic file infector.

    • UAC bypass

    • Windows security bypass

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

    • Windows security modification

    • Checks whether UAC is enabled

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks