General

  • Target

    6653e6aef1ef2f003ac1ff3351b6dfc0_JaffaCakes118

  • Size

    1.2MB

  • Sample

    240723-f9stkazdqd

  • MD5

    6653e6aef1ef2f003ac1ff3351b6dfc0

  • SHA1

    364cbc710e8073b2efab8b6f42bd0460c777e8b3

  • SHA256

    b049181af5be2a6084fd9bc5cf986a1d947619585ddc4eef1f9cc1f24f175fb1

  • SHA512

    540f7a5e0fc653ffac16d9ec618f7dc77e8502a7d18aa52f018ab0c7cfdfa4401e17431f8ba9b86420549a1346b7ad951e279df55c11a519f764084af6eec29f

  • SSDEEP

    12288:I7e1hnlqQCkWKIsNz+TmZy11izx+mAM7ICrFKyAUzucFbNVECjSwT03Bvt1LB4UN:I7Et3gmfcMeDqazHRGL

Malware Config

Targets

    • Target

      6653e6aef1ef2f003ac1ff3351b6dfc0_JaffaCakes118


    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Windows security bypass

    • Checks BIOS information in registry

      The BIOS vendor and system manufacturer strings under HKLM\HARDWARE\DESCRIPTION\System\BIOS are commonly read to detect virtualized or sandboxed environments, where they carry hypervisor names such as VMware, VirtualBox or QEMU.

    • Uses the VBS compiler for execution

      A compiler binary that ships with the .NET Framework (typically vbc.exe) is spawned as a legitimate-looking host process for the payload.

    • Adds Run key to start application

      Persistence via a value under \Software\Microsoft\Windows\CurrentVersion\Run (HKCU or HKLM), which launches the listed path at every logon.

    • Suspicious use of SetThreadContext

      Rewriting another process's thread context is characteristic of process hollowing (RunPE-style injection); combined with the spawned compiler process above, it indicates the payload runs inside a hollowed legitimate process rather than from its own image.
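To show how the behaviour signatures above map onto raw sandbox or EDR events, here is an added example matcher. It is not Triage's own rule logic and the events it runs over are constructed for illustration, not taken from this report; the event format (`kind|process|detail`), the persistence value name `Updater`, the Defender policy write used to stand in for "Windows security bypass", and the assumption that the "VBS compiler" signature fires on a spawned vbc.exe are all assumptions of the example. It also goes one step beyond the report by correlating a SetThreadContext call with a process the same parent just created, which is the pattern behind process hollowing.

```python
"""Map raw behaviour events to the signature names used in this report.

Added example, not Triage's rule logic. SAMPLE_EVENTS are constructed
for illustration and are not events recorded for this sample.
Event format (assumed): kind|process|detail
"""
import re
from collections import defaultdict

# Constructed sample events (assumed format; paths and names are illustrative).
SAMPLE_EVENTS = [
    r"regread|sample.exe|HKLM\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer",
    r"regread|sample.exe|HKLM\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName",
    r"regwrite|sample.exe|HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\DisableAntiSpyware=1",
    r"regwrite|sample.exe|HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater=C:\Users\victim\AppData\Roaming\svc\svc.exe",
    r"create_process|sample.exe|C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe",
    r"api|sample.exe|SetThreadContext target=vbc.exe",
    # Benign noise that must not match anything:
    r"regread|explorer.exe|HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
]

# Key and image patterns behind each signature (case-insensitive, literal backslashes).
BIOS_KEY = re.compile(r"^HKLM\\HARDWARE\\DESCRIPTION\\System\\BIOS\\", re.IGNORECASE)
RUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)
SECURITY_KEY = re.compile(r"\\Windows Defender\\|\\Security Center\\", re.IGNORECASE)
COMPILER_IMAGE = re.compile(r"\\vbc\.exe$", re.IGNORECASE)  # assumption: vbc.exe host


def parse_event(line):
    """Split one 'kind|process|detail' line into its three fields."""
    kind, proc, detail = line.split("|", 2)
    return kind, proc, detail


def match_events(lines):
    """Return {signature_name: [matching event lines]} for a list of events."""
    hits = defaultdict(list)
    spawned = {}  # child image name -> parent process, for hollowing correlation
    for line in lines:
        kind, proc, detail = parse_event(line)
        if kind == "regread" and BIOS_KEY.search(detail):
            hits["Checks BIOS information in registry"].append(line)
        elif kind == "regwrite":
            path, _, _value = detail.partition("=")
            if RUN_KEY.search(path):
                hits["Adds Run key to start application"].append(line)
            elif SECURITY_KEY.search(path):
                hits["Windows security bypass"].append(line)
        elif kind == "create_process":
            spawned[detail.rsplit("\\", 1)[-1].lower()] = proc
            if COMPILER_IMAGE.search(detail):
                hits["Uses the VBS compiler for execution"].append(line)
        elif kind == "api" and detail.startswith("SetThreadContext"):
            hits["Suspicious use of SetThreadContext"].append(line)
            # Context rewrite on a child this same process just created: hollowing.
            target = detail.partition("target=")[2].strip().lower()
            if spawned.get(target) == proc:
                hits["Likely process hollowing (SetThreadContext on own child)"].append(line)
    return dict(hits)


if __name__ == "__main__":
    for name, evidence in match_events(SAMPLE_EVENTS).items():
        print(name)
        for ev in evidence:
            print("   ", ev)
```

The composite hollowing finding is the one worth acting on in detection engineering: a SetThreadContext call on its own is noisy (debuggers and some runtimes use it), but a parent that creates a signed system binary and then rewrites that child's thread context before it has run is the RunPE sequence DarkComet crypters rely on.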

MITRE ATT&CK Enterprise v15

Tasks