General

  • Target

    131af0e4c40f5e7dfca711a45816fa37_JaffaCakes118

  • Size

    929KB

  • Sample

    240626-xwajha1fqr

  • MD5

    131af0e4c40f5e7dfca711a45816fa37

  • SHA1

    5c72ad82cd2da3807290c2d384546740097dd8c9

  • SHA256

    f4d30cb13736e18e207fe01046a535f4152c3c9d0581214fd9caf8dc7f19e0ea

  • SHA512

    dcb2d216965ec03d4cd691327f65a7f1ceede9253c0a16ab8c5d3aca66a6809c65637b264329ae76bae55927d5e6ced5a6f10297110cf5ac9e9af1e29d1bec19

  • SSDEEP

    24576:iY7WkuuKVuKBWXmKyT6duKvvbyyUHb8V0Zpu9Aooo0:57WvuKV9BWbymveHAsC

Malware Config

Targets

    • Target

      131af0e4c40f5e7dfca711a45816fa37_JaffaCakes118

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Windows security bypass

    • Disables RegEdit via registry modification

    • Disables Task Manager via registry modification

    • Sets file to hidden

      Modifies file attributes to stop it from showing in Explorer and similar tools.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks