General

  • Target

    82e4b7bf703e63076c38fea973b0a44f_JaffaCakes118

  • Size

    306KB

  • Sample

    241031-nwdrgsypfj

  • MD5

    82e4b7bf703e63076c38fea973b0a44f

  • SHA1

    149e6fbd1dff89d2aa5a3cf8a8fa806a770218f1

  • SHA256

    142e18ff10fd279499f5c10f94175746e1eec5ef82b7dfbfde2b51a3c9e07a66

  • SHA512

    80f057265dc90700c1e1fbb59e01cf8001f771fac8c714586124033f54f62db64e30fbe9f8cf049648bd2a4ccb870200f0ca126aa167dd75e8641df33a208614

  • SSDEEP

    6144:78WsZzhWxX8Q1xxOrf9XlnFEl7KvhKK2TSqnREAfKX1:78Et1xYDRlnmevhKK2TTnREX1

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

127.0.0.1:1488

109.62.227.63:1488

Mutex

DC_MUTEX-2A9L649

Attributes

  • gencode

    Tqg7EJyTD5Ds

  • install

    false

  • offline_keylogger

    true

  • persistence

    false

Targets

    • Target

      ChangerSteamByOstrogV2/ChangerSteamByOstrog.asi

    • Size

      14KB

    • MD5

      d70a1f76186f5171fc9eb0c564aca078

    • SHA1

      2347eb13fac9b3ab09cfe32e09497a3feccc2d28

    • SHA256

      4b884c00d62b78b60eec7e99e98a4283504838c8bc83c5ef54186afd8374674f

    • SHA512

      9bd280e9a37e0177463738e2e447043a20e24a22c8c4dd5bc83c22f53c31d29a3feafd10a808a97383704c618d7224c6bb6e52f60600db4c265b7f97a42bf10a

    • SSDEEP

      384:3Wy69QW0gvujMnlrWroaNJawcudoD7Uy:3bWHuOZQnbcuyD7U

    Score
    5/10
    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      ChangerSteamByOstrogV2/ChangerSteamByOstrog.dll

    • Size

      43KB

    • MD5

      8be7868e56b934d338b24ed3a1f92e54

    • SHA1

      a293f447d18b3c9d87b17619c737d05039e3a950

    • SHA256

      c7308b8aa5092c67de5bd8a59fd0892b9ba02a5420f979a51e8347943ae7bd72

    • SHA512

      e9705dcccf894f48a656588d2ed8f04db9db0438d6835f360d78ab1a8d4ab8d1c34335266f07d6823c13f4b9191a72bd006acd7fe752542412c15fa6075b9b19

    • SSDEEP

      768:wYrwv9rqwFUtGA0nHcwERRWuTOhiLPYYQEKdjIm5EL8koTPrboe4nbcuyD7U:wYrwvBqwi8A0nH9s5OkLPYYemm5EgkG4

    Score
    5/10
    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      Hack.exe.exe

    • Size

      283KB

    • MD5

      c13e70ba8eba2a5412061203fec20adb

    • SHA1

      0cf092ebbf74d8fbb18018224da083331aad8ea2

    • SHA256

      91a8a7b0323b6869661c0102128e6d7d5a705ca7336a6828e442612fc6f52c18

    • SHA512

      23c518473ea8b2d3bdad5af40dba662618cb1ffa7a99079bdceddc881465b13dd2fe79a2ee9e3ff838fab4729a29203f3d0e8e1487316f8a0f8356e8a5309031

    • SSDEEP

      6144:icNYS996KFifeVjBpeExgVTFSXFoMc5RhCaL37jl:icW7KEZlPzCy37jl

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Darkcomet family

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      Читы для CS 1.6 ! Программы, Конфиги, Скрипты, Чит-плагины и т.д.URL

    • Size

      51B

    • MD5

      a508649208d709b46d89e3cb37166775

    • SHA1

      ed10ec7140eaec63164fb6bf56f9d6dfadc55a9c

    • SHA256

      44456275d987ac455af888e328118900b15554680452f44e08071ffd0d7af935

    • SHA512

      9421da4e28f83ea168e97efec29901038d658506c829b8722e7903d7f480819206a30d2aa8a40c47263017568567126c06166247bcbe9edeef329a5692396a06

    Score
    1/10
