General

  • Target

    6713d1d62c592b59c88c252cd9082912_JaffaCakes118

  • Size

    263KB

  • Sample

    240723-lsdk7szaqa

  • MD5

    6713d1d62c592b59c88c252cd9082912

  • SHA1

    10f76ad6075c655c1180fbaa2699c3e5f9bd1c99

  • SHA256

    f708774408205bb5120c042a1488930d69494520d6d4780482f57b95deb57b5f

  • SHA512

    d780d4001edbd5bbf91be72b7ccd2651ee1d81f4bed4c180eeab7562a898016d625d97b865257b709d6de5f27ed08c8f59f9eba29e42530854d623bea8eac9cf

  • SSDEEP

    6144:RGxFLtRwhrk5GW70yiim3jZxx+Y4v3wmtQolFG:KnRSWg9zZxxYvA2JW

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Modifies WinLogon for persistence

    • Drops file in Drivers directory

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

    • Adds Run key to start application

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext
