General

  • Target

    65c974e4861e43d082b70835c41f8ff4_JaffaCakes118

  • Size

    884KB

  • Sample

    240723-cxp1cssdpa

  • MD5

    65c974e4861e43d082b70835c41f8ff4

  • SHA1

    2e2b066c97d0a5e460d1d29c937c7fd739fdb0dc

  • SHA256

    970e0f71cbb5ad431e91ed7a1a323ad1f2d47fe1ae2b54abb470014ac0b671ff

  • SHA512

    522f4feac4bbbbb8f3994464a1759736fdd046a33b9d86603c81e00219a97c1997b428eaca245499a4ecfeadd3f72cd76ea408ce36d74ce857178903c9e31fd9

  • SSDEEP

    12288:UiQcPi5wAxVVn+5sGkoESczX6326xF2EU8uutzturY60d/B15ltRZiO/ai2/Sd23:UgwDVV1BI2QF8h6jXBP/iO/JBf

Malware Config

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks