General

  • Target

    12e32d071bd60abaa851badbdf8380ca_JaffaCakes118

  • Size

    524KB

  • Sample

    240626-wj5y7swaja

  • MD5

    12e32d071bd60abaa851badbdf8380ca

  • SHA1

    084046c68b57bc33e8479f45ddcae647815700af

  • SHA256

    8b9d0b2e7cb48a718e79d69f9c8ca135b089f9fd18ef5ac1662887b747945f62

  • SHA512

    72f4d42a05112f94cbbb7237a1f2d14dc6612485ac0f43940bcf8486093a5b596b61b46d0fdfb8ce7d2d4764aabab15a01f073bb893f9594440d1c36529360c3

  • SSDEEP

    6144:TEo1tixU698GYaez7vCuGISVTJZCgyFhXi9R037lnwtpxsvCIb/wTYBG0d7gbtNV:AU69zsvxTgSgiXie7lTv1/Gea8U

Malware Config

Targets

    • Target

      12e32d071bd60abaa851badbdf8380ca_JaffaCakes118

    • Size

      524KB

    • MD5

      12e32d071bd60abaa851badbdf8380ca

    • SHA1

      084046c68b57bc33e8479f45ddcae647815700af

    • SHA256

      8b9d0b2e7cb48a718e79d69f9c8ca135b089f9fd18ef5ac1662887b747945f62

    • SHA512

      72f4d42a05112f94cbbb7237a1f2d14dc6612485ac0f43940bcf8486093a5b596b61b46d0fdfb8ce7d2d4764aabab15a01f073bb893f9594440d1c36529360c3

    • SSDEEP

      6144:TEo1tixU698GYaez7vCuGISVTJZCgyFhXi9R037lnwtpxsvCIb/wTYBG0d7gbtNV:AU69zsvxTgSgiXie7lTv1/Gea8U

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks