General

  • Target

    127d59e896105a4ca97bc280f568dcb0_JaffaCakes118

  • Size

    1.1MB

  • Sample

    240626-szkfnatdql

  • MD5

    127d59e896105a4ca97bc280f568dcb0

  • SHA1

    0a20354cb57ef1d58c4e7c51e24599a5fba172d0

  • SHA256

    3483fc2b3d3897609a3c0374f863ebf6b1c7088ce6ecfa4b4d4db81b8d39edca

  • SHA512

    110e78f265e09f0d49990a069ef3023c448c8acfebb127be8a1d2aa35176a1a3a31992a7a83ac34555e2e354fa42a5de232ff24e96ca0ce4cad350919f019ff2

  • SSDEEP

    24576:SBY/jbLgH/8HM7wv11Coaz7iVW8MilGe05QiwJ0M5QFV:Nak5vzC1iM5icKi38Qj

Malware Config

Targets

    • Target

      127d59e896105a4ca97bc280f568dcb0_JaffaCakes118

    • Size

      1.1MB

    • MD5

      127d59e896105a4ca97bc280f568dcb0

    • SHA1

      0a20354cb57ef1d58c4e7c51e24599a5fba172d0

    • SHA256

      3483fc2b3d3897609a3c0374f863ebf6b1c7088ce6ecfa4b4d4db81b8d39edca

    • SHA512

      110e78f265e09f0d49990a069ef3023c448c8acfebb127be8a1d2aa35176a1a3a31992a7a83ac34555e2e354fa42a5de232ff24e96ca0ce4cad350919f019ff2

    • SSDEEP

      24576:SBY/jbLgH/8HM7wv11Coaz7iVW8MilGe05QiwJ0M5QFV:Nak5vzC1iM5icKi38Qj

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Modifies WinLogon for persistence

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks