General

  • Target

    efc29049fa5d14ed1db26fc6fbc7174a_JaffaCakes118

  • Size

    648KB

  • Sample

    240414-3fmf1sgf28

  • MD5

    efc29049fa5d14ed1db26fc6fbc7174a

  • SHA1

    2bba18e0c933936dd9290c6dde35c5fc1b7bd699

  • SHA256

    5d12db2475846f968b67d2dc287bd9d0fbc8f47f69f03911ec16c2ed23eb9324

  • SHA512

    c9df29c2b918d3f4cebef4eba1ba2f8dc1cdf8a464bf8eb4e876852c385f412eccd80029a54414c678bb9a66828edfa0e74c06c445e5a29afe8f48b0ed049de8

  • SSDEEP

    12288:06A84PaHhfD/tV9sj5NKR0pau9XGyu2qBVGLQyTPfhf:JAmBpVKHu0Mu9Xo20VGLVP5f

Malware Config

Targets

    • Target

      efc29049fa5d14ed1db26fc6fbc7174a_JaffaCakes118

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Modifies WinLogon for persistence

    • Modifies security service

    • Windows security bypass

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks