General

  • Target

    f093f75b0c4fb499e79407a6f1e0677b_JaffaCakes118

  • Size

    1.1MB

  • Sample

    240415-jb1nasca4t

  • MD5

    f093f75b0c4fb499e79407a6f1e0677b

  • SHA1

    4c49a59b3723aef75f7dbb1270151112cc844c7e

  • SHA256

    7c313a9892feb0bd975f6d8c1fe9ea0447adbf738c88353236079693046bb4d8

  • SHA512

    5034c1fab191f226aaa82f3f44b31d34f078c7aee2027f70a02cf6acb6db239311df60deacf19c1b798a658e4fdf775b4bbd67b0ba813357dc49f8247b7a1a68

  • SSDEEP

    12288:A5fQl3fYNmFm4ODd6spRXLh2pBHMP4KSt9043Q5yzYtS5Ur8bmFzujLRI4LZJZjE:DvYRRLpNAttTXgVan

Malware Config

Targets

    • Target

      f093f75b0c4fb499e79407a6f1e0677b_JaffaCakes118

    • Size

      1.1MB

    • MD5

      f093f75b0c4fb499e79407a6f1e0677b

    • SHA1

      4c49a59b3723aef75f7dbb1270151112cc844c7e

    • SHA256

      7c313a9892feb0bd975f6d8c1fe9ea0447adbf738c88353236079693046bb4d8

    • SHA512

      5034c1fab191f226aaa82f3f44b31d34f078c7aee2027f70a02cf6acb6db239311df60deacf19c1b798a658e4fdf775b4bbd67b0ba813357dc49f8247b7a1a68

    • SSDEEP

      12288:A5fQl3fYNmFm4ODd6spRXLh2pBHMP4KSt9043Q5yzYtS5Ur8bmFzujLRI4LZJZjE:DvYRRLpNAttTXgVan

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Modifies WinLogon for persistence

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Uses the VBS compiler for execution

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks