General

  • Target

    66d8f7b7825df5d614892d0cb35f69f6_JaffaCakes118

  • Size

    339KB

  • Sample

    241021-qrdxssvgpf

  • MD5

    66d8f7b7825df5d614892d0cb35f69f6

  • SHA1

    b3eca8a93cd7ce887130ddc5331dae34f9d0d02d

  • SHA256

    b0f8d4006aecf713c6ec6e88ae3e25b038b86898d8b3a4cb2c32a282bbf3b3e1

  • SHA512

    e182fd4c165be4c00c96b5749aa02e388e8177306f5abf58d390fc8abc1e2aa96a2123f4b694873d4c5f6c89418b03775f226ded0dfbe1dd223984ba70616511

  • SSDEEP

    6144:6SfpB4Uotmp+j7PLRo/CD+xlogRZYddKs1PxAGRaCzCn:6SBB4h8+j7PL4Ca7oKYXPo+aCGn

Malware Config

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Modifies WinLogon for persistence

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks