General

  • Target

    62ebeb65d67623682463ce7d129484bc_JaffaCakes118

  • Size

    1005KB

  • Sample

    240722-ms248staqf

  • MD5

    62ebeb65d67623682463ce7d129484bc

  • SHA1

    1797ab4a24a7582f243c854498887b0de1b41942

  • SHA256

    0e0baabf913bbe9eaf2ba458cdc336e26e6fd0b2a272de02a67a5e4f83e86af8

  • SHA512

    b34e1ebc76cc301e1cc667ce09a1f981f54614c9fea2bae3ef8840bcea5a45c71ef59ad5601442804f5b244038487b6c8da743e4d482c6d12bf343ea2fe54edf

  • SSDEEP

    24576:xAQ6Zx9cxTmOrucTIEFSpOGop0S0DvLPr:xAQ/TD5EO

Malware Config

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Modifies WinLogon for persistence

    • Modifies firewall policy service

    • Modifies security service

    • Windows security bypass

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Deletes itself

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks