General

  • Target

    12ccbff8f227d3420285771ce3426f93_JaffaCakes118

  • Size

    308KB

  • Sample

    240626-vzqc1sxdlr

  • MD5

    12ccbff8f227d3420285771ce3426f93

  • SHA1

    d7e6084658b13254e9b0de0b9b771f6782c30201

  • SHA256

    7e5b7c2b52c360439a8d83a6912881d52c6329691cb2d036b8de31ffa9738554

  • SHA512

    9f158f55db937546ad9afcafa6d3e5938de96d31c1876aaf9cc1e1a25ce5d5ac7917e20ad31742021b7bf0f6c7a90899615b2a996c143efb66d8da61b66dd67a

  • SSDEEP

    6144:PHK+xM3SRzRY/OD8led69Eoqz/BG5OXCBih6V+SiShnqM9D:49Eo8JxXAc6VPiCnqaD

Malware Config

Targets

    • Target

      12ccbff8f227d3420285771ce3426f93_JaffaCakes118

    • Size

      308KB

    • MD5

      12ccbff8f227d3420285771ce3426f93

    • SHA1

      d7e6084658b13254e9b0de0b9b771f6782c30201

    • SHA256

      7e5b7c2b52c360439a8d83a6912881d52c6329691cb2d036b8de31ffa9738554

    • SHA512

      9f158f55db937546ad9afcafa6d3e5938de96d31c1876aaf9cc1e1a25ce5d5ac7917e20ad31742021b7bf0f6c7a90899615b2a996c143efb66d8da61b66dd67a

    • SSDEEP

      6144:PHK+xM3SRzRY/OD8led69Eoqz/BG5OXCBih6V+SiShnqM9D:49Eo8JxXAc6VPiCnqaD

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Modifies WinLogon for persistence

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks