General

  • Target

    c85764582a784e96afc89c6ff48164c9_JaffaCakes118

  • Size

    635KB

  • Sample

    241205-ss2rcszpcw

  • MD5

    c85764582a784e96afc89c6ff48164c9

  • SHA1

    4154e6dc06c5d7a0769cbc9f1a4a5d37ecad6767

  • SHA256

    e208f8f97ccc1f800ac2fc52625e9442e9e85854154143be8cbcbb4e89755c12

  • SHA512

    6ffaa2a82184bca857c9d8936d029e77718dd98c8f9ace23a286b8f5fc3b747bbef3ff8d95da58b70d09e9c0d5b8c4955858f35f422a7ff589b2bdc8b3c652b2

  • SSDEEP

    12288:gpwABK90BOe/x9lPAYvxPQVjdsAY2XjWlnlpTMMXG91uhKIXn/+:awAcu99lPzvxP+Bsz2XjWTRMQckkIXn2

Malware Config

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Darkcomet family

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks