General

  • Target

    612235daf3b39335b4ca81494d96048a_JaffaCakes118

  • Size

    884KB

  • Sample

    240721-yejlhs1epf

  • MD5

    612235daf3b39335b4ca81494d96048a

  • SHA1

    63130732594f4bd4178000955b393830a420fbbe

  • SHA256

    d67c362005dab100f064915d22367fc969ad88ec4e0d6df5574d4b6c346fce65

  • SHA512

    7a572baf94ef475db77dc70dd9661d08e76b4a179a177c7b53e920d0c414666c740262d26298ed19eadf74b31794ff1c3e90445279d42ce60f4c4f0963fad9b1

  • SSDEEP

    24576:l1JlUxtpBIUNQcocN5nYkp7/jnL3BfDvOzOHOfbTrRbfDvOHzgr/bfDvOHLAr5bo:lMB8YwbfRYz6HYLapYD9TYLWSsHx9Vig

Malware Config

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Modifies WinLogon for persistence

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks