General

  • Target

    628577a83fe548d1a866447d5c291038_JaffaCakes118

  • Size

    635KB

  • Sample

    240722-kfvhhsxgkd

  • MD5

    628577a83fe548d1a866447d5c291038

  • SHA1

    da8a1823f70ee21acf402c5b52daa7cc95f3132d

  • SHA256

    4af5c8187b5d9fb62ddf15df92c53af7d4bec9afebdc56bd7d67e8cddfc28797

  • SHA512

    541f88d4147c510f2abfd3310e60caf48aaedacf103928e13c82dc5337dfd11cc143f96ea919cc7b278348f654c9bb9c348a7e2f2f333c48bd78eb9e05f48168

  • SSDEEP

    12288:PpwABK90BOe/x9lPAYvxPQVjdsAY2XjWlnlpTMMXG91uhKIXn/n:hwAcu99lPzvxP+Bsz2XjWTRMQckkIXnf

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Modifies WinLogon for persistence

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
