General

  • Target

    f099166904861ab4279bcb3363818e1b_JaffaCakes118

  • Size

    1.0MB

  • Sample

    240415-jkyv3acb7z

  • MD5

    f099166904861ab4279bcb3363818e1b

  • SHA1

    947bdc188faf9186d1a0da4c5344092796edeb7b

  • SHA256

    b77cbf38ccd7eaffd507edd029defb701eb4f7627eb55d24b00981188af05a33

  • SHA512

    8cd115cdfe8e286a79a7b81a948ff5475f9492b0d649c632fefa64576aa648cf24acb18659f575ad31927a7f6f83554aff90a24d74eb6881696875497c69bc3b

  • SSDEEP

    12288:krcp5dIUYqiMzISoyzoSQMJe+Cixm4I5aex6sDQ6Z6pfwXOisfg+KpDZqLivKBSS:YGYKzmx+CJn5jDQ3pNtyDZ+E8b

Malware Config

Targets

    • Target

      f099166904861ab4279bcb3363818e1b_JaffaCakes118

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur (DarkCoderSc). Its builder bundles the configuration into the stub, and the client gives the operator remote desktop, keylogging, file and shell access.

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments. The usual source is HKLM\HARDWARE\DESCRIPTION\System (SystemBiosVersion, VideoBiosVersion) and its BIOS subkey, where strings such as VMware, VirtualBox, QEMU or Xen identify a virtual machine.

    • Drops startup file

      A file is written into a Start Menu Programs\Startup folder so that it is launched at the next logon.

    • Executes dropped EXE

      An executable written to disk during the run is then started, which is typical of a dropper unpacking its payload.

    • Loads dropped DLL

      A DLL written to disk during the run is then loaded into a process.

    • Adds Run key to start application

      A value is written under ...\Software\Microsoft\Windows\CurrentVersion\Run (or RunOnce) so the application starts with the user session or the system.

    • Suspicious use of SetThreadContext

      SetThreadContext is used to redirect execution of a suspended thread, which is how process hollowing and similar injection techniques hand control to injected code. Legitimate software rarely calls it.
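
The file, process and registry signatures listed above have direct counterparts in endpoint telemetry. The script below, added here as an example and not part of the sandbox report, maps them onto Sysmon-style events (1 ProcessCreate, 7 ImageLoad, 11 FileCreate, 13 RegistryValueSet) and flags the sample by the MD5/SHA256 from the report. All events, paths and the SID are constructed for the example; the BIOS registry read and the SetThreadContext call are not covered because Sysmon does not log registry reads or thread-context changes, so those two signatures come only from the sandbox's API hooking.

```python
"""Match the sandbox signatures from the report against Sysmon-style events.
Constructed example: the events below are made up, not from the sandbox run."""
import re

# Hashes copied from the report; used to recognise the sample itself.
SAMPLE_MD5 = "f099166904861ab4279bcb3363818e1b"
SAMPLE_SHA256 = "b77cbf38ccd7eaffd507edd029defb701eb4f7627eb55d24b00981188af05a33"

# Persistence locations named by the "Adds Run key" and "Drops startup file" signatures.
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\(Run|RunOnce)\\", re.IGNORECASE)
STARTUP_DIR_RE = re.compile(r"\\Start Menu\\Programs\\Startup\\", re.IGNORECASE)


def parse_hashes(field):
    """Sysmon writes hashes as 'MD5=...,SHA256=...'; return {ALGO: lowercase hex}."""
    out = {}
    for part in field.split(","):
        if "=" in part:
            algo, value = part.split("=", 1)
            out[algo.strip().upper()] = value.strip().lower()
    return out


def triage(events):
    """Return (signature, detail) pairs in the order the events are seen.

    Files created during the run are remembered so that a later ProcessCreate
    or ImageLoad of the same path becomes 'Executes dropped EXE' / 'Loads dropped DLL'.
    """
    dropped = set()
    findings = []
    for ev in events:
        eid = ev["EventID"]
        if eid == 11:  # FileCreate
            path = ev["TargetFilename"]
            dropped.add(path.lower())
            if STARTUP_DIR_RE.search(path):
                findings.append(("Drops startup file", path))
        elif eid == 1:  # ProcessCreate
            image = ev["Image"]
            hashes = parse_hashes(ev.get("Hashes", ""))
            if hashes.get("MD5") == SAMPLE_MD5 or hashes.get("SHA256") == SAMPLE_SHA256:
                findings.append(("Known sample hash", image))
            if image.lower() in dropped:
                findings.append(("Executes dropped EXE", image))
        elif eid == 7:  # ImageLoad
            loaded = ev["ImageLoaded"]
            if loaded.lower() in dropped:
                findings.append(("Loads dropped DLL", loaded))
        elif eid == 13:  # RegistryValueSet
            target = ev["TargetObject"]
            if RUN_KEY_RE.search(target):
                findings.append(("Adds Run key to start application",
                                 target + " = " + ev.get("Details", "")))
    return findings


# Constructed events (hypothetical paths and SID), in the order a dropper would produce them.
EVENTS = [
    {"EventID": 1, "Image": r"C:\Users\victim\Downloads\invoice.exe",
     "Hashes": "MD5=" + SAMPLE_MD5.upper() + ",SHA256=" + SAMPLE_SHA256.upper()},
    {"EventID": 11, "Image": r"C:\Users\victim\Downloads\invoice.exe",
     "TargetFilename": r"C:\Users\victim\AppData\Roaming\updater.exe"},
    {"EventID": 11, "Image": r"C:\Users\victim\Downloads\invoice.exe",
     "TargetFilename": r"C:\Users\victim\AppData\Roaming\helper.dll"},
    {"EventID": 11, "Image": r"C:\Users\victim\Downloads\invoice.exe",
     "TargetFilename": r"C:\Users\victim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\updater.lnk"},
    {"EventID": 13, "Image": r"C:\Users\victim\Downloads\invoice.exe",
     "TargetObject": r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r"C:\Users\victim\AppData\Roaming\updater.exe"},
    {"EventID": 1, "Image": r"C:\Users\victim\AppData\Roaming\updater.exe",
     "Hashes": "MD5=00000000000000000000000000000000"},
    {"EventID": 7, "Image": r"C:\Users\victim\AppData\Roaming\updater.exe",
     "ImageLoaded": r"C:\Users\victim\AppData\Roaming\helper.dll"},
    {"EventID": 7, "Image": r"C:\Users\victim\AppData\Roaming\updater.exe",
     "ImageLoaded": r"C:\Windows\System32\kernel32.dll"},  # benign load, must not fire
]

if __name__ == "__main__":
    for signature, detail in triage(EVENTS):
        print(f"{signature}: {detail}")
```

The "dropped" set is keyed on the exact path, so a payload copied to a second location and run from there would need a hash-based link instead; in production, join on the Sysmon `Hashes` field of the FileCreate and ProcessCreate events rather than on the path.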

MITRE ATT&CK Enterprise v15

Tasks