General

  • Target: 1091368b4b563e3d0dbf51c25e23ea00_JaffaCakes118
  • Size: 659KB
  • Sample: 240626-dyyvbssbnc
  • MD5: 1091368b4b563e3d0dbf51c25e23ea00
  • SHA1: 5299909d89d1d8a046f044f910ff03e8d48a37d1
  • SHA256: 783f527dc2b7596af04dcaaa5ead4c8380fe305b9b4da9ecd45e5b1203683e05
  • SHA512: 2fc4d56de27301ca6d7c71be1f1eeebfb39c2fe68a51a9f52534b9811c27677d930e205b7c61162e44db9352f0444b4f7e802aae96d27c7869377f874dce8281
  • SSDEEP: 12288:B9AFlAd0Z+89cxTGzO4AucTD8QP2lmFSrVs9LqnKrL:3AQ6Zx9cxTmOrucTIEFSpOGO

Malware Config

Targets

    • Target: 1091368b4b563e3d0dbf51c25e23ea00_JaffaCakes118 (same file as in General above)

    • Darkcomet: DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
    • Modifies WinLogon for persistence
    • Modifies security service
    • Windows security bypass
    • Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
    • Adds Run key to start application
    • Drops file in System32 directory
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks