General

  • Target

    61a6c647f1fd1c4f8ca666fe7b11d04b_JaffaCakes118

  • Size

    679KB

  • Sample

    240721-2cmf6sxgkc

  • MD5

    61a6c647f1fd1c4f8ca666fe7b11d04b

  • SHA1

    81d80e7b5be3b6fad26936f05093ef1479c120be

  • SHA256

    e8376481838a0347cf2e08e09ec3d6a53424578356f68913b26bf167cd96df1f

  • SHA512

    c805b421b537b93eb8f66074896c1c59a37676f78fa8a695346a43f9966be3741c141ac7b38b5c37dfc97a7d285e085b7fb395563ed7b3eedd6cba5f05336f81

  • SSDEEP

    12288:MKSshbVh9m2FDI/ox8UQ7gl8Sd1jDrNAWcjAcgJoe7lhYDeB4MYuA3FclI:f3hl/x8UQ7Q8grCWcjTgJRQM4MG3Fc
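The four hashes above are the report's identifiers for this sample. The script below is added here as a worked check and is not part of the sandbox report: it computes MD5, SHA1, SHA256 and SHA512 in a single pass over a file and compares them to the listed values, reporting partial matches (e.g. MD5 matches but SHA256 does not, which points at a stale or mistyped IOC or a deliberate collision) instead of a bare yes/no. The `REPORT_IOC` dictionary holds the values copied from this page; the function and variable names are this example's own. SSDEEP is left out because computing it needs a third-party library.

```python
import hashlib
import hmac
import io
import sys

# Hash values copied from the report above for
# 61a6c647f1fd1c4f8ca666fe7b11d04b_JaffaCakes118. The dictionary itself is
# this example's own structure, not something the sandbox exports.
REPORT_IOC = {
    "md5": "61a6c647f1fd1c4f8ca666fe7b11d04b",
    "sha1": "81d80e7b5be3b6fad26936f05093ef1479c120be",
    "sha256": "e8376481838a0347cf2e08e09ec3d6a53424578356f68913b26bf167cd96df1f",
    "sha512": "c805b421b537b93eb8f66074896c1c59a37676f78fa8a695346a43f9966be3741c141ac7b38b5c37dfc97a7d285e085b7fb395563ed7b3eedd6cba5f05336f81",
}
REPORT_SIZE = "679KB"   # as printed on the page; exact byte count is not given
HASH_NAMES = ("md5", "sha1", "sha256", "sha512")


def hash_stream(stream, chunk_size=1 << 16):
    """Single pass over a binary stream: returns ({name: hexdigest}, size_in_bytes)."""
    hashers = {name: hashlib.new(name) for name in HASH_NAMES}
    size = 0
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        size += len(chunk)
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}, size


def hash_bytes(data):
    """Same as hash_stream, for data already in memory."""
    return hash_stream(io.BytesIO(data))


def compare_with_ioc(digests, ioc):
    """Return (matched, mismatched) sets of hash names.

    Every hash present in the IOC record is checked independently so that a
    partial match is visible to the analyst rather than collapsed into False.
    """
    matched, mismatched = set(), set()
    for name in HASH_NAMES:
        if name not in ioc:
            continue
        if hmac.compare_digest(digests[name], ioc[name].lower()):
            matched.add(name)
        else:
            mismatched.add(name)
    return matched, mismatched


def verify_file(path, ioc=REPORT_IOC):
    """Hash a file on disk and compare it to the IOC record."""
    with open(path, "rb") as fh:
        digests, size = hash_stream(fh)
    matched, mismatched = compare_with_ioc(digests, ioc)
    return matched, mismatched, size


if __name__ == "__main__":
    for path in sys.argv[1:]:
        matched, mismatched, size = verify_file(path)
        if matched and not mismatched:
            verdict = "MATCH"
        elif matched:
            verdict = "PARTIAL MATCH (investigate)"
        else:
            verdict = "no match"
        print(f"{path}: {verdict}; size {size} bytes (report: {REPORT_SIZE}); "
              f"matched={sorted(matched)} mismatched={sorted(mismatched)}")
```

Run it as `python verify.py <file>`; a full match on all four digests is the only result that confirms the file is the sample described on this page.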

Malware Config

Targets

    • Target

      61a6c647f1fd1c4f8ca666fe7b11d04b_JaffaCakes118

    • Darkcomet

      DarkComet is a Windows remote access trojan (RAT) developed by Jean-Pierre Lesueur (DarkCoderSc).

    • Executes dropped EXE

      An executable written to disk during the run was then launched as a new process.

    • Loads dropped DLL

      A DLL written to disk during the run was loaded into a process.

    • Adds Run key to start application

      A value was written under a ...\Software\Microsoft\Windows\CurrentVersion\Run key, so the application is started again at each logon (persistence, ATT&CK T1547.001).

    • Suspicious use of SetThreadContext

      SetThreadContext was called on a thread in a way the sandbox flags as suspicious. Outside of debuggers this API is mainly used for process hollowing and similar injection (ATT&CK T1055.012), where a suspended thread's instruction pointer is redirected into injected code.
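The three file and registry signatures above map directly onto Sysmon event types, so they can be reproduced outside the sandbox. The detection logic below is added here as an example and is not derived from the sandbox's own telemetry or rules: it replays a constructed sequence of Sysmon-style events (every path, PID and value name is invented) and raises the same three findings, flagging the strongest case where the Run value points at a file the sample itself dropped. SetThreadContext is an API-hook observation that Sysmon does not record, so it is not covered here.

```python
import re

# Sysmon event IDs used below (documented Sysmon semantics; the sandbox report
# itself does not expose raw telemetry):
#   1 = ProcessCreate, 7 = ImageLoad, 11 = FileCreate, 13 = RegistryEvent (value set)
RUN_KEY_RE = re.compile(
    r"\\software\\microsoft\\windows\\currentversion\\run(once)?\\[^\\]+$", re.I)

# Constructed Sysmon-style events in the order a sandbox would see them.
# Every path, PID and value name here is invented for this example.
SAMPLE_EVENTS = [
    {"EventID": 1, "ProcessId": 1001,
     "Image": r"C:\Users\victim\Downloads\sample.exe"},
    {"EventID": 11, "ProcessId": 1001,
     "TargetFilename": r"C:\Users\victim\AppData\Roaming\Update\updater.exe"},
    {"EventID": 11, "ProcessId": 1001,
     "TargetFilename": r"C:\Users\victim\AppData\Roaming\Update\helper.dll"},
    {"EventID": 13, "ProcessId": 1001,
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r"C:\Users\victim\AppData\Roaming\Update\updater.exe"},
    {"EventID": 1, "ProcessId": 1002,
     "Image": r"C:\Users\victim\AppData\Roaming\Update\updater.exe"},
    {"EventID": 7, "ProcessId": 1002,
     "ImageLoaded": r"C:\Users\victim\AppData\Roaming\Update\helper.dll"},
    {"EventID": 7, "ProcessId": 1002,
     "ImageLoaded": r"C:\Windows\System32\kernel32.dll"},        # benign load, must not fire
    {"EventID": 13, "ProcessId": 1002,
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Foo\DisplayName",
     "Details": "Foo"},                                            # not a Run key, must not fire
]


def triage(events):
    """Replay events in order; return one finding per matched signature occurrence."""
    dropped = set()      # lowercase paths of files written during the run
    findings = []
    for ev in events:
        eid = ev["EventID"]
        if eid == 11:
            dropped.add(ev["TargetFilename"].lower())
        elif eid == 1 and ev["Image"].lower() in dropped:
            findings.append({"signature": "Executes dropped EXE",
                             "evidence": ev["Image"]})
        elif eid == 7 and ev["ImageLoaded"].lower() in dropped:
            findings.append({"signature": "Loads dropped DLL",
                             "evidence": ev["ImageLoaded"]})
        elif eid == 13 and RUN_KEY_RE.search(ev["TargetObject"]):
            # Only a bare (optionally quoted) path is recognised here; a Run
            # value carrying command-line arguments would need real parsing.
            target = ev["Details"].strip('"').lower()
            findings.append({"signature": "Adds Run key to start application",
                             "evidence": f'{ev["TargetObject"]} = {ev["Details"]}',
                             "attack": "T1547.001",
                             "points_at_dropped_file": target in dropped})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding)
```

Events are processed in arrival order, so a file must be seen in a FileCreate event before its execution or load counts as "dropped"; feeding the function an unordered export would miss findings.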

MITRE ATT&CK Enterprise v15

Tasks