General

  • Target

    b330626c52373d4726bbfb9f0eef7003_JaffaCakes118

  • Size

    2.1MB

  • Sample

    241129-x45dvasldy

  • MD5

    b330626c52373d4726bbfb9f0eef7003

  • SHA1

    c554d2e07e0e562b0b421a2ba9b4b1086f64ecd1

  • SHA256

    ad022b9a38c9fb19a5918068a4366a038deb3dfe7340dbdf3c150810ba6dc07a

  • SHA512

    384a74aa103a65f28cd0d9dc02bdc6e094008b52b5354b5b8aae717b0b70da9691fab28aed6f911d94ef2a46b9f9128e70db7be22939114d397709b2a9f50bde

  • SSDEEP

    24576:tuFVVIU3TYwkZgsFoEXaCsZhZnH7ZwArBN6H9DZHrli9nOVb:HH9Rg9nOV

Malware Config

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Darkcomet family

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Uses the VBS compiler for execution

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks