General

  • Target

    b1d346fbc680a2a4b60878d2d8120451_JaffaCakes118

  • Size

    1.4MB

  • Sample

    241129-rrmqdavkgl

  • MD5

    b1d346fbc680a2a4b60878d2d8120451

  • SHA1

    01850e5a3785ae54c37cc6c6d9b954c4918272f7

  • SHA256

    fea436648953d8f3f3f8b953e6db3a352f399cf011364a640f56dd35dc3c611a

  • SHA512

    de552252cd28152ce35703764c5eb0c47a23c97286ccde4b3ad189f760c7f5562f73baac41d2096eded191f767e076d6d06a9449959adfc62ec7eb6e632c8202

  • SSDEEP

    24576:0KLIMPqOqX6qz0VYI0NM0GlRNcddjaLzS5Qdz7xIAg/zui/uBWc/iwxzvI:0KLdqOqqqz0WpM0McddjaLzRdHxIAgrp

Malware Config

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Darkcomet family

    • Modifies WinLogon for persistence

    • Windows security bypass

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Loads dropped DLL

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks