General

  • Target

    607fae061fbb9b0961e35088ff4d655c_JaffaCakes118

  • Size

    2.9MB

  • Sample

    240721-n5dg3ssakm

  • MD5

    607fae061fbb9b0961e35088ff4d655c

  • SHA1

    9836fdc410e59e4a970ec7ac1daf09f13cb03a1c

  • SHA256

    2d89de4d350863b0fca39ef04d53f48e1827a4d32933249ac7aac66b2e4a3aff

  • SHA512

    015b1f562aaa567c5f8f8ace8227467f232170e1ae1421a8bc9b63ed6e0cb484dd54ec7b362565a33269b143865622b4715a348bc623d4c20f8abbf9d4497286

  • SSDEEP

    12288:4nzw6FRc/UBg/UUtdDScA5bTN+RNrHdeCMpRPaUfwPFIxQ8KAwFp/c1IEuFVwq:cwOQtA77+391ARPaf8KAwIIErq

Targets

    • Target

      607fae061fbb9b0961e35088ff4d655c_JaffaCakes118

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
