General

  • Target

    f6deaf165da7a337c68048a046178c57_JaffaCakes118

  • Size

    318KB

  • Sample

    240418-aepkrsba22

  • MD5

    f6deaf165da7a337c68048a046178c57

  • SHA1

    ff6ce2d1eb1d81a392e0b6acf02017fbbf526181

  • SHA256

    d19c4864f78997a15056dd3dd3e53e144c412d1add11866ed2b36c6e933797a5

  • SHA512

    ba8f18fc2806e3325e09dd7aef269da6eacf6ce6a884b87b4e354b311106a0f24bbc147ba987087bdfa861d395b9412c5464efbd7a570d51a4d0d75a83dc5562

  • SSDEEP

    6144:gTu5OUFQPwNcv0kPmAGsyRILcAHRsNW+oKE0QJDBx0KEVaLOrd8ZH22aY:iuzmOCzGyiNW+oz06Bx0fByH2BY

Malware Config

Targets

    • Target

      f6deaf165da7a337c68048a046178c57_JaffaCakes118

    • Size

      318KB

    • MD5

      f6deaf165da7a337c68048a046178c57

    • SHA1

      ff6ce2d1eb1d81a392e0b6acf02017fbbf526181

    • SHA256

      d19c4864f78997a15056dd3dd3e53e144c412d1add11866ed2b36c6e933797a5

    • SHA512

      ba8f18fc2806e3325e09dd7aef269da6eacf6ce6a884b87b4e354b311106a0f24bbc147ba987087bdfa861d395b9412c5464efbd7a570d51a4d0d75a83dc5562

    • SSDEEP

      6144:gTu5OUFQPwNcv0kPmAGsyRILcAHRsNW+oKE0QJDBx0KEVaLOrd8ZH22aY:iuzmOCzGyiNW+oz06Bx0fByH2BY

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • HawkEye

      HawkEye is a malware kit that has seen continuous development since at least 2013.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks