General

  • Target

    60e7fe8519c57340067e4893f92c5d0a_JaffaCakes118

  • Size

    1.3MB

  • Sample

    240721-wv851aydpa

  • MD5

    60e7fe8519c57340067e4893f92c5d0a

  • SHA1

    5a54dfa99b7681d569835f9603b55c69e783477f

  • SHA256

    78f8db65e860d7d7fe842f37896ac88b2fa18283ad57091c2024a797b092132a

  • SHA512

    e6de3d6e9f38ee1a20cb21d249489de0ab81e6a5d0c25601897b2eaa24a966d9cab21f49af56f18320b132618f16f844a8494bfddbf19f7172812ecc076c0651

  • SSDEEP

    24576:Z36pFerlZFsGJHcnwVPRtnf0RVTTLxLGvv:9YeeG1RhRdczt

Targets

    • Target

      60e7fe8519c57340067e4893f92c5d0a_JaffaCakes118

    • DarkComet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Executes dropped EXE

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
