General

  • Target

    606d5d36ad6a00351c17fcebec2ed693_JaffaCakes118

  • Size

    432KB

  • Sample

    240720-3ja76ascrl

  • MD5

    606d5d36ad6a00351c17fcebec2ed693

  • SHA1

    9b41433028a28492a701cefa5ee3115945e2e3e0

  • SHA256

    14a5afcde4ad991b864beb60591b24b0ba0e326a482900aa81b8ecdf389f1bd5

  • SHA512

    a1bee14861a4d39bd1a353f1389b3543c3d367d15b6f592c4a2d06c6e747eb3af339c65a4af558989e63250e6b13820b076b987dcf516177a13352ed93ca7633

  • SSDEEP

    12288:SRFj6AXwRr5jdVd9JyxtrpukNd4WQ8j+aa17dZ6:dAX41dVx+3gU+a67dZ6

Targets

    • Target

      606d5d36ad6a00351c17fcebec2ed693_JaffaCakes118

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL
