General

  • Target

    b0c4b11744ddae6907062f69c92f7953_JaffaCakes118

  • Size

    236KB

  • Sample

    241129-mx69rawndm

  • MD5

    b0c4b11744ddae6907062f69c92f7953

  • SHA1

    b5a6b08c8e33c0ad7d096116bd3eae14b0eccd15

  • SHA256

    12d93bbc5039d986040c29dcc8182f80c5111493a6391363000862151da688c0

  • SHA512

    f78c4f869c54288eb31bb7c2401c8b0b7c1995d5789420a85a6b34f4d823d86e2946c5126b41a6523f267b7b1dcd6fd1ab27b749fd78696c494d444dcb2f0994

  • SSDEEP

    6144:JYuXoZ/4R9r4ruWtYUTHAhrWIIevWea217pFqel66D1O+:JYuXigRqjtYyHhsTa2BqelLD1X

Malware Config

Targets

    • Target

      b0c4b11744ddae6907062f69c92f7953_JaffaCakes118

    • Size

      236KB

    • MD5

      b0c4b11744ddae6907062f69c92f7953

    • SHA1

      b5a6b08c8e33c0ad7d096116bd3eae14b0eccd15

    • SHA256

      12d93bbc5039d986040c29dcc8182f80c5111493a6391363000862151da688c0

    • SHA512

      f78c4f869c54288eb31bb7c2401c8b0b7c1995d5789420a85a6b34f4d823d86e2946c5126b41a6523f267b7b1dcd6fd1ab27b749fd78696c494d444dcb2f0994

    • SSDEEP

      6144:JYuXoZ/4R9r4ruWtYUTHAhrWIIevWea217pFqel66D1O+:JYuXigRqjtYyHhsTa2BqelLD1X

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Darkcomet family

    • Modifies WinLogon for persistence

      Writes to the Winlogon Userinit or Shell value so the payload is launched at every logon.

    • Drops file in Drivers directory

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Checks BIOS information in registry

      BIOS vendor and version strings are often read to detect virtualised sandbox environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

      Rewriting another thread's context is a common step in process hollowing and code injection.
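
The behavioural signatures listed for this target (Winlogon and Run-key persistence, the Drivers-directory drop, the BIOS and country-code lookups, execution of dropped files, and SetThreadContext) are each a simple rule over the sandbox's event trace. The following is an added example, not the sandbox's own rule engine and not data from this report: it parses a constructed `kind|target|value` trace and returns the signature names that fire. The registry value names (Userinit, Shell, SystemBiosVersion, Geo\Nation) are the ones these checks are assumed to key on; the file paths in the sample trace are made up for illustration.

```python
# Added example: a small rule engine that reproduces the report's behavioural
# signatures over a sandbox-style event trace. The trace format, the rules and
# the sample paths are assumptions for illustration, not the sandbox's own code.
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    kind: str    # reg_set | reg_query | file_write | proc_create | image_load | api_call
    target: str  # registry value path, file path, image path or API name
    value: str = ""


_HIVES = {"HKEY_LOCAL_MACHINE": "HKLM", "HKEY_CURRENT_USER": "HKCU",
          "HKEY_USERS": "HKU", "HKEY_CLASSES_ROOT": "HKCR"}


def _norm(path: str) -> str:
    """Normalise hive names so one regex per rule suffices; file paths pass through."""
    hive, sep, rest = path.strip().partition("\\")
    return _HIVES.get(hive.upper(), hive) + sep + rest


def parse_trace(lines):
    """Parse 'kind|target[|value]' records; blank lines and '#' comments are skipped."""
    events = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split("|", 2)
        value = parts[2] if len(parts) == 3 else ""
        events.append(Event(parts[0], _norm(parts[1]), value))
    return events


# Assumed registry locations behind each signature (case-insensitive).
_WINLOGON = re.compile(r"^HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\(Userinit|Shell)$", re.I)
_RUNKEY = re.compile(r"^HK(LM|CU)\\SOFTWARE\\(Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
_DRIVERS = re.compile(r"\\Windows\\System32\\drivers\\", re.I)
_BIOS = re.compile(r"^HKLM\\HARDWARE\\DESCRIPTION\\System\\(SystemBiosVersion|VideoBiosVersion|SystemBiosDate)$", re.I)
_GEO = re.compile(r"^HKCU\\Control Panel\\International\\Geo\\Nation$", re.I)


def match_signatures(events):
    """Return the set of signature names (as listed in the report) that the trace triggers."""
    hits = set()
    dropped = set()  # files the sample wrote, lower-cased, for the 'dropped' rules
    for ev in events:
        t = ev.target
        if ev.kind == "reg_set" and _WINLOGON.match(t):
            hits.add("Modifies WinLogon for persistence")
        elif ev.kind == "reg_set" and _RUNKEY.match(t):
            hits.add("Adds Run key to start application")
        elif ev.kind == "reg_query" and _BIOS.match(t):
            hits.add("Checks BIOS information in registry")
        elif ev.kind == "reg_query" and _GEO.match(t):
            hits.add("Checks computer location settings")
        elif ev.kind == "file_write":
            dropped.add(t.lower())
            if _DRIVERS.search(t):
                hits.add("Drops file in Drivers directory")
        elif ev.kind == "proc_create" and t.lower() in dropped:
            hits.add("Executes dropped EXE")
        elif ev.kind == "image_load" and t.lower() in dropped:
            hits.add("Loads dropped DLL")
        elif ev.kind == "api_call" and t.lower() == "setthreadcontext":
            hits.add("Suspicious use of SetThreadContext")
    return hits


# Constructed sample trace in the style of a sandbox behaviour log; the paths and
# value names are invented for this example and are not taken from the report.
SAMPLE_TRACE = r"""
reg_query|HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion
reg_query|HKCU\Control Panel\International\Geo\Nation
file_write|C:\Users\Admin\AppData\Roaming\updater\updater.exe
file_write|C:\Users\Admin\AppData\Roaming\updater\helper.dll
file_write|C:\Windows\System32\drivers\etc\hosts
reg_set|HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit|C:\Windows\system32\userinit.exe,C:\Users\Admin\AppData\Roaming\updater\updater.exe
reg_set|HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater|C:\Users\Admin\AppData\Roaming\updater\updater.exe
proc_create|C:\Users\Admin\AppData\Roaming\updater\updater.exe
image_load|C:\Users\Admin\AppData\Roaming\updater\helper.dll
api_call|SetThreadContext
""".splitlines()

if __name__ == "__main__":
    for name in sorted(match_signatures(parse_trace(SAMPLE_TRACE))):
        print(name)
```

The "dropped" rules depend on event order: a process start or image load only counts if an earlier `file_write` recorded that path, which is why the matcher keeps state across the trace instead of testing each event in isolation.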

MITRE ATT&CK Enterprise v15

Tasks