General

  • Target

    11a899652e96ac8dbc0c2590557f89b7_JaffaCakes118

  • Size

    930KB

  • Sample

    240626-mdf88asfnn

  • MD5

    11a899652e96ac8dbc0c2590557f89b7

  • SHA1

    8f249a3e904be7b849ef7e5647135dce3937b9e6

  • SHA256

    b3b0c947ba63b018a33cbaf6a9dcec54dfab6c7fc4b214e2398ad348d63f5fb9

  • SHA512

    a6a20ff309d283c28fc71d02acf0c698d9b6d7a69d54c79d3f3f5f18f7ee087c94a3b630e095f5263127d7aafab11d45b0150795904972eac688e01ac0f3d218

  • SSDEEP

    24576:rksvAoPcOligltAS2UU2nJQoIEanbiY1+U/iZfDUxFDGYiNg:AwAocOlxTfJfUnbZiZ7UxFDGRg

Malware Config

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks