General

  • Target

    609dca4bfc922f38d4e23767d613b6ee_JaffaCakes118

  • Size

    472KB

  • Sample

    240721-p55f8s1glb

  • MD5

    609dca4bfc922f38d4e23767d613b6ee

  • SHA1

    0f02ca85fb3b21c5ef2d49d93feea93f0e6dae45

  • SHA256

    e28a9f627ac13fe8b7e35f503376637220272d36cd126f2a6f346ac0f0e8025b

  • SHA512

    87596dcb1fe483118c10bcc35b73b78d675972ee6e7efb60b33b40d998c2fec3d507521d37d790c16fadfd43ebb412b77a92fda2fa11de5aff61e6cdc3c67013

  • SSDEEP

    12288:Sw0GtsAw/KwvcrJg/WafyT04qDfKN9nT/CgGASABnrw:b0MfOcra+ayT01fKN9TDGAx

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Modifies WinLogon for persistence

    • Drops file in Drivers directory

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
