General

  • Target

    6141a7898766a76b272c9a0fef70c206_JaffaCakes118

  • Size

    1.0MB

  • Sample

    240721-y4mdpsvfrn

  • MD5

    6141a7898766a76b272c9a0fef70c206

  • SHA1

    36383b47e48c6907e0ecae390e09f6bcb433c97d

  • SHA256

    2f6a809d514e8a1990baea2691a8d1f9bd825276d7d4fa7542d6d2f219600a92

  • SHA512

    c8b0438f9391d6c9e181ef22c784ebb3edf20566efb410540932b7ae358ddbc11b752223ac7a4f53ad4503de2af72d3eecf5153fd2b017af492ce747cd4367c2

  • SSDEEP

    24576:bV53QlEi0JOx5VWHQJQYnZOMmPI+20URe58PGAimqPTpCMc:bV580JOUHKQYnRmPI+poe58imqVC

Malware Config

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Modifies WinLogon for persistence

    • Executes dropped EXE

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks