General

  • Target

    f17fd83052c28f01ba9debffab514946_JaffaCakes118

  • Size

    936KB

  • Sample

    240415-t3jh7sba29

  • MD5

    f17fd83052c28f01ba9debffab514946

  • SHA1

    bdd5b7b865f653da8d0429f0b6ff85ec76a5e4c2

  • SHA256

    5288372a6fbf27c5d9c0c41d7bbab85184faae8f6b4ff0acaa05866354b73806

  • SHA512

    5d29ef809a7b71de7935681c240bf78fda628a3fe4719a93e39ed40df99d63a47433e688d2f2e64b72e757de0a331ec3db8f27604f7180facd5e480530b39192

  • SSDEEP

    12288:S6XdA4Hjd1Owy2qEewr6JtUV3HK60gQOD4qU7KeVd3qPFNJ7QNIkfIFUA5Z:kUby2CJcd4TVgPtEfQUA5

Score
10/10

Targets

    • Target

      f17fd83052c28f01ba9debffab514946_JaffaCakes118

    • Size

      936KB

    Score
    10/10
    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Suspicious use of SetThreadContext
