General

  • Target

    efae2dc9c812edcd76426579e516c7d3_JaffaCakes118

  • Size

    3.8MB

  • Sample

    240414-2l67yafg53

  • MD5

    efae2dc9c812edcd76426579e516c7d3

  • SHA1

    df8acdef44d958bcec5fb64757a554cfa5bc5f14

  • SHA256

    03e15b7644a4692524bd1e5e41cb22921a5bec52191d390160b0d6de61940cdd

  • SHA512

    07bb99811d17b84ab5a11903f8623d8d84eb6e2063210630fcaa7d6fc3006317572846167e10c36f75b22ced12ac99f33f0911f87eff48fc4e7f5f2fbaf8f5ac

  • SSDEEP

    98304:vJwakG4fYrq1HJvpliCQHawbzBbGSlaUEI96kdQDanpqHrO3ndI3/lL/v7zVwwX/:vJwakG4fYrq1HJvpliCQHawbzBbGSlah

Malware Config

Targets

    • Target

      efae2dc9c812edcd76426579e516c7d3_JaffaCakes118

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks