General

  • Target

    f15c951b1ec384cab7e3bee192122626_JaffaCakes118

  • Size

    373KB

  • Sample

    240415-smv2mabg5w

  • MD5

    f15c951b1ec384cab7e3bee192122626

  • SHA1

    e58821eb0fdc4d4eed85265ba4c495b7ddb371a1

  • SHA256

    d1b35bd0810cc6590b227a815ace1a9cf795f9a917bba2fa74ce5f1262387f23

  • SHA512

    18d83c4482e5d8762ca241f8935e88464e43801af96876a8cd2c299a07eb41dcc977afe12766b478ecc98c0dea485e186553c79dbc12df788361411961e7f946

  • SSDEEP

    6144:wdd8xHVErhawhgnzvD624tOUAZKpwx730qSgj2a76cjWLLeMdWnpQZh9h4/:wd+xHUwAK224xAtPSw2SjbMd0QZh9u

Malware Config

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Modifies WinLogon for persistence

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks