General

  • Target

    d030e69d60fbc0819bbdaacc66a902bf_JaffaCakes118

  • Size

    596KB

  • Sample

    241207-cp6cdazqdz

  • MD5

    d030e69d60fbc0819bbdaacc66a902bf

  • SHA1

    77cb5716f9f5ccc26d172ec8f721e8e482d0dd37

  • SHA256

    b67273426b187212e1b5eedb340c8a34d7b6f43339f2cfe8036b7b903edad9d5

  • SHA512

    4f5ac3a31448ac1f580bc36fd8171cc178e68fa7460db9a5e41562ec634c28a7514be47d8e623c5547343771605a49bf58198a3f99f16489d57ded2ed32ea6da

  • SSDEEP

    12288:OVZPjJA6ZkA+Ah8x/mYMIDWWwveLurnCWtoDH6An+fxBIjnq:OVBJFZkAT8xuY36W8nCyffAjn

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16_min

C2

nikospap.zapto.org:3206

Mutex

DCMIN_MUTEX-USMAYRA

Attributes

  • InstallPath

    DCSCMIN\IMDCSC.exe

  • gencode

    dQyDfVnpjzSY

  • install

    true

  • offline_keylogger

    true

  • persistence

    false

  • reg_key

    Cleaner

Targets

    • Target

      d030e69d60fbc0819bbdaacc66a902bf_JaffaCakes118

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Darkcomet family

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • Modifies WinLogon for persistence

    • Modiloader family

    • ModiLoader Second Stage

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15