General

  • Target

    b34a37a8832702b570535d2cad426446_JaffaCakes118

  • Size

    659KB

  • Sample

    241129-yslm2atlgt

  • MD5

    b34a37a8832702b570535d2cad426446

  • SHA1

    87a04118f782ff71dc0a0dfa5508a7c979112d24

  • SHA256

    52b1e58da2cf00b22712b47009abad4d980646aa717deded73c20e4cd0b6fddb

  • SHA512

    2c7884b8fae33fb0c3967e9b72667dbc0cf048f256d5d2e38fce5926a0fe9e549d387c5a44c6bae49618373c6f2ee81be7ea01d32138290bb10c355139e526a3

  • SSDEEP

    12288:x9A2lAd0Z+89cxTlzO4AucTD8QP2lmSSrVovi/wK+:HAF6Zx9cxTVOrucTIESSpcqa

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Darkcomet family

    • Modifies WinLogon for persistence

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15
