General

  • Target

    c4b042271c25b19cc8b2d36a8e17ea44_JaffaCakes118

  • Size

    589KB

  • Sample

    241204-2kyt6s1jhj

  • MD5

    c4b042271c25b19cc8b2d36a8e17ea44

  • SHA1

    c9ce05f7b6efb1adec66b1e99eb09dedeae07475

  • SHA256

    7e66a26a7a2a2265ac8853903dc4c56a0a1a83c0de23ea9b54980f1858eb2789

  • SHA512

    b5c589aa5850ef0fa8c7e5e4dcf1a9e0ed12ee4130e09ddc6ede3e17018bff00fddf043f7a2871bd23a18f45bb62e4eb0aeb603d214ee9148f917e21a13fc5d5

  • SSDEEP

    12288:9ffLtEIQIu7k5sscLsD5iZqHyscNExmj1NT5BzYQR8NxOz8Y5oSU:9fTOIQIu7k5DzvLxm5Bl8sk

Malware Config

Targets

    • Target

      c4b042271c25b19cc8b2d36a8e17ea44_JaffaCakes118

    • Size

      589KB

    • MD5

      c4b042271c25b19cc8b2d36a8e17ea44

    • SHA1

      c9ce05f7b6efb1adec66b1e99eb09dedeae07475

    • SHA256

      7e66a26a7a2a2265ac8853903dc4c56a0a1a83c0de23ea9b54980f1858eb2789

    • SHA512

      b5c589aa5850ef0fa8c7e5e4dcf1a9e0ed12ee4130e09ddc6ede3e17018bff00fddf043f7a2871bd23a18f45bb62e4eb0aeb603d214ee9148f917e21a13fc5d5

    • SSDEEP

      12288:9ffLtEIQIu7k5sscLsD5iZqHyscNExmj1NT5BzYQR8NxOz8Y5oSU:9fTOIQIu7k5DzvLxm5Bl8sk

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Darkcomet family

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks