General

  • Target: b24234d0209cdfad1e5cba875eb55354_JaffaCakes118
  • Size: 2.3MB
  • Sample: 241129-s8kg1sxrgk
  • MD5: b24234d0209cdfad1e5cba875eb55354
  • SHA1: 899c4e1c8d44a581e7aa033aa43b2ab7bb29f296
  • SHA256: eb49514b8692a9659a1c49ccde9b21677abb8e01590d86271f66d36bc06bccdf
  • SHA512: e84494172d62d95519c653c5bb8d1b37ee97e3da78910db6ae8f304c54a436aedd07618918d27b6cf2603b244cb388045838a2cde8e5f5e20517dbeb966e47ff
  • SSDEEP: 24576:QtnoXTKpkjcty9FrjuZPfrlnii7liPAkSvWhgAUlP:SoXwAjoPjlJ1uhgA

Malware Config

Targets

    • Darkcomet: DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
    • Darkcomet family
    • Drops file in Drivers directory
    • Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks