General

  • Target

    7d4215b25a3d8881a18641d83873ac96_JaffaCakes118

  • Size

    849KB

  • Sample

    241030-aqngva1pew

  • MD5

    7d4215b25a3d8881a18641d83873ac96

  • SHA1

    79293a0badf34dc14380c70181d61aa11a53ac33

  • SHA256

    69460fd08183865d32f5f319299449ffcadd08e6759b5aa1a9bc9a0a2e77a97a

  • SHA512

    40358d530a621bdf44ddaeced4071312325aa91ead3847f41cb4ea40783c75927a0e09ff6be932a6945320eb92bae73346cdc0030aefa39df5a991573e00b7a4

  • SSDEEP

    24576:VGjjUxDpIUDdNIFPy4AKVJp0vC2SXwTDxNT:VGjAdpIUxaVykfp0vC2SXIDxNT

Malware Config

Targets

    • Target

      7d4215b25a3d8881a18641d83873ac96_JaffaCakes118

    • Size

      849KB

    • MD5

      7d4215b25a3d8881a18641d83873ac96

    • SHA1

      79293a0badf34dc14380c70181d61aa11a53ac33

    • SHA256

      69460fd08183865d32f5f319299449ffcadd08e6759b5aa1a9bc9a0a2e77a97a

    • SHA512

      40358d530a621bdf44ddaeced4071312325aa91ead3847f41cb4ea40783c75927a0e09ff6be932a6945320eb92bae73346cdc0030aefa39df5a991573e00b7a4

    • SSDEEP

      24576:VGjjUxDpIUDdNIFPy4AKVJp0vC2SXwTDxNT:VGjAdpIUxaVykfp0vC2SXIDxNT

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Darkcomet family

    • Modifies WinLogon for persistence

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks