General

  • Target

    7c5c65a28d728fd575a690ec1d5562c8_JaffaCakes118

  • Size

    2.2MB

  • Sample

    241029-wrz3xsxhjq

  • MD5

    7c5c65a28d728fd575a690ec1d5562c8

  • SHA1

    c1cbb67faa54e3e0b5175ffcdf72de3e2dcd22ab

  • SHA256

    ab9247c783f39a82aea86f750d0069fcf2e43b037348d02b7a03aa9d21b9c0da

  • SHA512

    f1659fb2d7bf07b5291cd55d1278286156fb217780afd2849ec1d859ee688754d086a2643c0e56ac5a390af49f808a376280648ecf36c17fa27de4da3d7bef9c

  • SSDEEP

    49152:oQovA8XCSco/O0KTAaSHPkiCQuVHsyk1ZKMDUMOn:JovA8XCBTK8iC5VHsgMDUMOn

Malware Config

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Darkcomet family

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Loads dropped DLL

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks