General

  • Target

    JaffaCakes118_55878493b2278b1fb1d6491cf467b63f

  • Size

    879KB

  • Sample

    250306-jnqnvssyav

  • MD5

    55878493b2278b1fb1d6491cf467b63f

  • SHA1

    e567da5190b0d47b9e459d0fb1ff3cb05c4f0ea9

  • SHA256

    1e93e2fbeaf80699dc0cb0b4a515aab900c410f3df2a533dab4d5668e067f0d7

  • SHA512

    09c833aff4f4a19aeb195c31800fc21124f6a81e0853d053063b5c35162b85e0cbb316e517f5737dd9118dc62dcff6b2ee19a3bc58ea93d8dbc42341297adac0

  • SSDEEP

    12288:r9AFlAd0Z+89cxTGzO4AucTD8QP2lmFSrVs9LqnK4ekPmCA3vg:5AQ6Zx9cxTmOrucTIEFSpOGMIA3o

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

romeo.hopto.org:2011

Mutex

DC_MUTEX-F54S21D

Attributes

  • InstallPath

    Windupdt\winupdate.exe

  • gencode

    mZAhdaK9mugP

  • install

    true

  • offline_keylogger

    true

  • persistence

    true

  • reg_key

    winupdater

rc4.plain

Targets

    • Target

      JaffaCakes118_55878493b2278b1fb1d6491cf467b63f

    • Size

      879KB

    • MD5

      55878493b2278b1fb1d6491cf467b63f

    • SHA1

      e567da5190b0d47b9e459d0fb1ff3cb05c4f0ea9

    • SHA256

      1e93e2fbeaf80699dc0cb0b4a515aab900c410f3df2a533dab4d5668e067f0d7

    • SHA512

      09c833aff4f4a19aeb195c31800fc21124f6a81e0853d053063b5c35162b85e0cbb316e517f5737dd9118dc62dcff6b2ee19a3bc58ea93d8dbc42341297adac0

    • SSDEEP

      12288:r9AFlAd0Z+89cxTGzO4AucTD8QP2lmFSrVs9LqnK4ekPmCA3vg:5AQ6Zx9cxTmOrucTIEFSpOGMIA3o

MITRE ATT&CK Enterprise v15

Tasks