General

  • Target

    f007b11b6014d888d33b581c438bc296_JaffaCakes118

  • Size

    757KB

  • Sample

    240415-cc17wsbe82

  • MD5

    f007b11b6014d888d33b581c438bc296

  • SHA1

    18fe4c3997b5730b3c0a375314be046903325817

  • SHA256

    570985f06c6a51a2df7ff6706931807de298709e0083a56b38caf572635efec0

  • SHA512

    58bc0f72616b8f918ffce1b50a858b50596784e8062860cceb4b9ac92103147f719729460b86c009ce6e404a073beb438d0880e97f23ce61fa66d66e609645b5

  • SSDEEP

    12288:w9AFlAd0Z+89cxTGzO4AucTD8QP2lmFSrVs9LqnKEqMd0QZh9u:2AQ6Zx9cxTmOrucTIEFSpOGVD0QZh9u

Malware Config

Targets

    • Target

      f007b11b6014d888d33b581c438bc296_JaffaCakes118

    • Size

      757KB

    • MD5

      f007b11b6014d888d33b581c438bc296

    • SHA1

      18fe4c3997b5730b3c0a375314be046903325817

    • SHA256

      570985f06c6a51a2df7ff6706931807de298709e0083a56b38caf572635efec0

    • SHA512

      58bc0f72616b8f918ffce1b50a858b50596784e8062860cceb4b9ac92103147f719729460b86c009ce6e404a073beb438d0880e97f23ce61fa66d66e609645b5

    • SSDEEP

      12288:w9AFlAd0Z+89cxTGzO4AucTD8QP2lmFSrVs9LqnKEqMd0QZh9u:2AQ6Zx9cxTmOrucTIEFSpOGVD0QZh9u

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Modifies WinLogon for persistence

    • Modifies firewall policy service

    • Modifies security service

    • Windows security bypass

    • Disables Task Manager via registry modification

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Deletes itself

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks