General

  • Target

    30c966f9d76eaab46de65c6ea04261d2_JaffaCakes118

  • Size

    1.5MB

  • Sample

    241010-tqy35avblh

  • MD5

    30c966f9d76eaab46de65c6ea04261d2

  • SHA1

    46f3ece4c54a4a06fe470bc8f6cd1f8aa797f94a

  • SHA256

    a3a877d52fb6aa2a33a0d85893c73fdbe0621be7aeb4efeda42e05addfcc1a90

  • SHA512

    9f6d06005cd149baaeb264f84e2e05359848185e6cf0e3219fa60bc7f45ad80311109f0231878f759e195890365f4568e790dd1aa2d59f615f299d7b455aebfe

  • SSDEEP

    24576:GcEVaf0i/mJ6EPmu/9LQCHvLMhzz9yCiFApj64uY8oJ4azFuaahwfcrhPb1AFaa2:GcZVu6EOm98CU39yl2pZxjIaaThahRWZ

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

anonymous.no-ip.biz:1604

Mutex

DC_MUTEX-584KTPC

Attributes
  • gencode

    bynBHQc30zXD

  • install

    false

  • offline_keylogger

    true

  • persistence

    false
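The extracted config above maps directly onto host and network indicators. The following Python example is added for this page (it is not part of the sandbox report) and converts those fields into checks, then runs them over constructed sample telemetry. The mutex-format regex and the port 1604 are general traits of the stock DarkComet builder, used alongside the sample-specific values so a rebuilt stub with a fresh mutex or C2 still trips a check; the mutex list and network events are made up.

```python
"""Derive host/network IOCs from the DarkComet config extracted above and run
them over constructed telemetry.  Added example for this page; the telemetry
below is made up, not captured from the sandbox run."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Values copied verbatim from the "Malware Config" block of this report.
CONFIG = {
    "family": "darkcomet",
    "botnet": "Guest16",
    "c2": "anonymous.no-ip.biz:1604",
    "mutex": "DC_MUTEX-584KTPC",
    "gencode": "bynBHQc30zXD",
    "offline_keylogger": True,
    "persistence": False,
}

# Generic DarkComet traits, used next to the sample-specific values so a
# rebuilt stub with a fresh mutex or C2 still trips the generic checks.
DC_MUTEX_RE = re.compile(r"^DC_MUTEX-[A-Z0-9]+$")  # stock builder mutex format
DC_DEFAULT_PORT = 1604                              # stock builder listener port


@dataclass(frozen=True)
class Hit:
    source: str   # "mutex", "dns" or "netconn"
    reason: str
    value: str


def parse_c2(c2: str) -> tuple[str, int]:
    """Split 'host:port' as printed in the config block."""
    host, _, port = c2.rpartition(":")
    return host.lower(), int(port)


def check_mutexes(mutexes: list[str]) -> list[Hit]:
    """Flag an exact match to the extracted mutex and any stock-format DC mutex."""
    hits = []
    for name in mutexes:
        if name == CONFIG["mutex"]:
            hits.append(Hit("mutex", "exact match to extracted config", name))
        elif DC_MUTEX_RE.match(name):
            hits.append(Hit("mutex", "stock DarkComet mutex format", name))
    return hits


def check_network(events: list[dict]) -> list[Hit]:
    """events: {'kind': 'dns'|'netconn', 'host': str, 'port': int (netconn only)}."""
    c2_host, _ = parse_c2(CONFIG["c2"])
    hits = []
    for ev in events:
        host = ev["host"].lower()
        if host == c2_host:
            hits.append(Hit(ev["kind"], "extracted C2 host", host))
        elif ev["kind"] == "netconn" and ev.get("port") == DC_DEFAULT_PORT:
            # Weaker signal on its own: 1604 is only a default, so pair it with
            # process context before acting on it.
            hits.append(Hit("netconn", "DarkComet default port", f"{host}:{ev['port']}"))
    return hits


def triage(mutexes: list[str], events: list[dict]) -> dict:
    hits = check_mutexes(mutexes) + check_network(events)
    return {"family": CONFIG["family"], "hits": hits, "verdict": "darkcomet" if hits else "clean"}


# Constructed telemetry: mutex names and network events from a hypothetical host.
SAMPLE_MUTEXES = [
    "DC_MUTEX-584KTPC",                 # this sample
    "DC_MUTEX-F54S21Y",                 # a different (made-up) DarkComet build
    "Local\\SM0:1234:168:WilStaging_02",
    "MSCTF.Asm.MutexDefault1",
]
SAMPLE_EVENTS = [
    {"kind": "dns", "host": "anonymous.no-ip.biz"},
    {"kind": "netconn", "host": "anonymous.no-ip.biz", "port": 1604},
    {"kind": "netconn", "host": "203.0.113.7", "port": 1604},
    {"kind": "netconn", "host": "www.example.com", "port": 443},
]

if __name__ == "__main__":
    for hit in triage(SAMPLE_MUTEXES, SAMPLE_EVENTS)["hits"]:
        print(f"{hit.source:8} {hit.reason:34} {hit.value}")
```

Because the C2 is a No-IP dynamic DNS name, match on the hostname (DNS queries and connection logs that carry the resolved name) rather than on whatever IP it pointed to at sandbox time; the port-only check is kept deliberately weak and should be combined with the process that made the connection.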

Targets

    • Target

      Techno-Scape Client/Compile.bat

    • Size

      145B

    • MD5

      3d413bfcdcaa031589e0018b467a3f5b

    • SHA1

      a6627a267f7d4570c8ef9434e9d09474e27e89f8

    • SHA256

      2805237717bd8a52592f66e3993af2e7deaeb2d719df9754caa348d724ec6593

    • SHA512

      ca3c31553273c3f1fdda8353b6f5e8a1c6274f873b10f489d8ad9713c79ad76b8eae7c07adee9d99121818266368b9b689aa808684425c1729cd560c5bd1aebf

    Score
    1/10
    • Target

      Techno-Scape Client/Javafiles/run.sh.txt

    • Size

      266B

    • MD5

      ab225055fd0fe77e61ef9123819ef266

    • SHA1

      8a014ef4ac52276bb4a96f8d0a2c6bf20d57d550

    • SHA256

      9e111a8fa04a32ce4f84be0fd5a6c251e4bca5ff6d078524bb3c759fc4bda5b2

    • SHA512

      808f518e7c5296939cf1a53e3565e05945f741e7f5cec269a5757696f9cefe7eadb15b806f60ae5bc7f006d75159e5a7a5977ba7d1ecb03841197186e67f9b75

    Score
    1/10
    • Target

      Techno-Scape Client/javazoom/jl.jar

    • Size

      102KB

    • MD5

      beb5af7c8e02649ca6d22514d9ecab52

    • SHA1

      2020d545657508bd82beab00359dcc50996b875e

    • SHA256

      3f7d521ddeb29e40c2b188a3cc6d78e2f62d478548f3d00f33bb5c19c95fde95

    • SHA512

      c2d75ece5aa5d3ab68f5ee189b346433c652f34485fc0f59d9a1635f8dec4bc9a3388d2d5d96b1e42fdab18b10c230b55bf437844e6805f0f144c7bdc1834939

    • SSDEEP

      3072:ujX14/kZEfakdjpLx1vTOCNn/vVG+wZ7uxiL:u54nfaetx17OCh/vFsuxA

    Score
    1/10
    • Target

      Techno-Scape Client/run.bat

    • Size

      430KB

    • MD5

      e0d6a1a9287d1408cd21559123d7b240

    • SHA1

      6bf371c744dcbafa061a3566e1e99c91ff134178

    • SHA256

      0a62af46dcf7072571e40cd9d6091bb04b62e88e043496127b36871fb07b534a

    • SHA512

      03bc5cd56f73fb1592544a719ca79cc8d867b3e0b0f4fc3e042ab3b4e4352417f37a4e9a8c3ba23df0c0d15d177fd9c2abf702c0310d04550f3f0bec9b24c3b8

    • SSDEEP

      6144:WYmHLKxXSSe9bGVGy4AmQ9ayfHBAfmhX5mggooeP3jvWmzi3MizYqI/xhrv9:TUmgb5Amma6BAf+5mOjvW13XIh79

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur. The extracted config above matches a stock DarkComet build: the DC_MUTEX- mutex prefix, the builder's default port 1604, and a No-IP dynamic DNS hostname as C2 (resolve it at analysis time; the IP behind it can change).

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

      SetThreadContext on a thread of another process is the usual final step of process hollowing (RunPE-style injection): the payload is mapped into a suspended host process and the thread's entry point is redirected to it before the thread resumes.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
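The "UPX packed file" signature is attached to run.bat, which the sandbox treats as a UPX-packed executable despite its name (consistent with a 430KB file under a .bat extension). The following Python example is added for this page (it is not the sandbox's own rule) and shows the check a practitioner would write: parse the PE section table and report stock UPX section names, the "UPX!" marker, and the zero-raw-size first section that survives even when a modified UPX renames its sections. The PE images it inspects are constructed in-line by build_fake_pe(), not taken from the sample.

```python
"""Section-table based UPX check for a PE image.  Added example for this page;
the PE images are constructed in build_fake_pe(), not taken from the sample."""
from __future__ import annotations

import struct
from dataclasses import dataclass

COFF_HDR = struct.Struct("<HHIIIHH")         # Machine .. SizeOfOptionalHeader, Characteristics
SECTION_HDR = struct.Struct("<8sIIIIIIHHI")  # IMAGE_SECTION_HEADER, 40 bytes
UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2", "UPX3"}


@dataclass(frozen=True)
class Section:
    name: str
    virtual_size: int
    raw_size: int


def parse_sections(data: bytes) -> list[Section]:
    """Walk DOS header -> e_lfanew -> COFF header -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    _, nsections, _, _, _, opt_size, _ = COFF_HDR.unpack_from(data, e_lfanew + 4)
    table = e_lfanew + 4 + COFF_HDR.size + opt_size
    out = []
    for i in range(nsections):
        name, vsize, _vaddr, raw_size, *_ = SECTION_HDR.unpack_from(data, table + i * SECTION_HDR.size)
        out.append(Section(name.rstrip(b"\0").decode("latin-1"), vsize, raw_size))
    return out


def upx_indicators(data: bytes) -> list[str]:
    """Return the reasons a file looks UPX-packed; an empty list means no indicator."""
    sections = parse_sections(data)
    reasons = []
    if any(s.name in UPX_SECTION_NAMES for s in sections):
        reasons.append("UPX0/UPX1 section names")
    # Modified UPX builds rename sections and strip the 'UPX!' marker, but the
    # layout survives: the first section has no raw data and a large virtual
    # size, because it is the empty region the stub unpacks into.
    if sections and sections[0].raw_size == 0 and sections[0].virtual_size > 0:
        reasons.append("first section has no raw data (unpack target)")
    if b"UPX!" in data:
        reasons.append("'UPX!' version marker")
    return reasons


def build_fake_pe(specs: list[tuple[str, int, int]], trailer: bytes = b"") -> bytes:
    """Constructed minimal PE: DOS stub, COFF header, section table, no optional header."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = COFF_HDR.pack(0x14C, len(specs), 0, 0, 0, 0, 0x0102)
    table = b"".join(
        SECTION_HDR.pack(name.encode().ljust(8, b"\0"), vsize, 0x1000, raw, 0x400, 0, 0, 0, 0, 0x60000020)
        for name, vsize, raw in specs
    )
    return dos + b"PE\0\0" + coff + table + trailer


# Constructed inputs: a stock UPX layout, a clean binary, and a renamed ("modified UPX") layout.
PACKED = build_fake_pe([("UPX0", 0x20000, 0), ("UPX1", 0x8000, 0x7C00), (".rsrc", 0x1000, 0x800)], b"UPX!\x0d\x16")
CLEAN = build_fake_pe([(".text", 0x5000, 0x5000), (".data", 0x1000, 0x400)])
RENAMED = build_fake_pe([(".code", 0x20000, 0), (".text", 0x8000, 0x7C00)])

if __name__ == "__main__":
    for label, image in (("packed", PACKED), ("clean", CLEAN), ("renamed", RENAMED)):
        print(label, upx_indicators(image) or "no UPX indicators")
```

On a real file, read the bytes and call upx_indicators() directly; the section-name and marker checks are cheap string matches, while the empty-first-section heuristic is what keeps the rule useful against a scrubbed UPX stub, at the cost of occasional hits on other packers that use the same reserve-then-unpack layout.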

MITRE ATT&CK Enterprise v15

Tasks