General

  • Target

    61ae76f78fa760f23cc975838f48ee1b_JaffaCakes118

  • Size

    822KB

  • Sample

    240721-2hg4ms1ajl

  • MD5

    61ae76f78fa760f23cc975838f48ee1b

  • SHA1

    3aa1fedb0fd9d16f5dd9f8ca0232bc65c88ae1a3

  • SHA256

    798aa292ef9b0cc057cd488a274921f23e1090c5be2f8872070e6d27aa792c85

  • SHA512

    26d3f9254f5567d19483b5b0c5635abc03a5b13213110b04af9362b75febac646f5a87304a0c1e1b4ee4f4d80386c8677b2018ad5348cdf0574ee8646d52e91a

  • SSDEEP

    24576:u3nbWmJVJFwSddIXvfhqbiaxvRxq93D0QZh9u:IamdZdcBYB

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Modifies WinLogon for persistence

    • Modifies firewall policy service

    • Modifies security service

    • Windows security bypass

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks