General

  • Target

    1276d361cea59860a47008bd351b930e_JaffaCakes118

  • Size

    1.1MB

  • Sample

    240626-stkt8stbpp

  • MD5

    1276d361cea59860a47008bd351b930e

  • SHA1

    607f923229ec991c1bf4fa0fc521f3a35c5854ca

  • SHA256

    a40d0160d5e9d7a582e1e110b6564d5b9eb19ebb200306746da8d9eaad80ce95

  • SHA512

    2eb3c9c7087aefc4208954736c1e8b19f5f893c45e3c49d4190ed74bdc6a1653c3c83042e5d3a1338eff1b7455dd3245dc4a9cb978d1ea6a892ac91517c7be63

  • SSDEEP

    24576:219CNRTAeS8NYsUaMRz/qTGEssuqVoBgUtlNBr1/E:5ieS82smz/3Essu8oftxr

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Modifies WinLogon for persistence

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
