General

  • Target: 6c50c8abafb090571b809b7e440760fb_JaffaCakes118
  • Size: 318KB
  • Sample: 240724-w16xtszhqm
  • MD5: 6c50c8abafb090571b809b7e440760fb
  • SHA1: 940400974cbe308babd859914b0f8158168a7d67
  • SHA256: 987a459213fe3739f0b3a9599a965c98fd7ffe48217cb7051649767b5815a87d
  • SHA512: 2e965287ef25056c6d9edd113ea87d72a674d90b01f9db97bf9092bb820bbd35cd8b125ba0593d73561f23f7916d3223322652a221258935d010ccd51f0f6878
  • SSDEEP: 6144:TKjZy6NQ1xaIN8kUedSzx2ME5+b/LNWZR6c2r4/OQfUg8UW:yNQ/2kb35+nsoc2MRF

Malware Config

Targets

    • Target: 6c50c8abafb090571b809b7e440760fb_JaffaCakes118
    • Size: 318KB
    • MD5: 6c50c8abafb090571b809b7e440760fb
    • SHA1: 940400974cbe308babd859914b0f8158168a7d67
    • SHA256: 987a459213fe3739f0b3a9599a965c98fd7ffe48217cb7051649767b5815a87d
    • SHA512: 2e965287ef25056c6d9edd113ea87d72a674d90b01f9db97bf9092bb820bbd35cd8b125ba0593d73561f23f7916d3223322652a221258935d010ccd51f0f6878
    • SSDEEP: 6144:TKjZy6NQ1xaIN8kUedSzx2ME5+b/LNWZR6c2r4/OQfUg8UW:yNQ/2kb35+nsoc2MRF

    • Darkcomet: DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
    • HawkEye: HawkEye is a malware kit that has seen continuous development since at least 2013.
    • Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
    • Deletes itself
    • Executes dropped EXE
    • Loads dropped DLL
    • UPX packed file: Detects executables packed with the UPX or a modified UPX open-source packer.
    • Adds Run key to start application
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks