General

  • Target

    cf7bf3cb5ff408ae80ffab27aa4f3061_JaffaCakes118

  • Size

    708KB

  • Sample

    241206-21kbqaymcq

  • MD5

    cf7bf3cb5ff408ae80ffab27aa4f3061

  • SHA1

    53d6eac4b7364dec220dc000e474146c0ceaedcf

  • SHA256

    e61c53adac5c59926be8c56836e91bfb91d48f4335b8595b27d5bca0037d5c71

  • SHA512

    9702b7ba31328a04d714a938079a25b350a069249de7f5482b9726ea15d1d7d0814f5df830e0ae003d01b24e9642f81864aaa70e22c84e14469223aeec87060e

  • SSDEEP

    12288:+cTRwnJKE50VD68cWOrqWXKeeV7zCQZCOY2C8jo7NUL5vMQaw/uYftwq:+cTRGJHS3OrBXKeiHCQIOxjo7ypdawBb

Malware Config

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Darkcomet family

    • Modifies WinLogon for persistence

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks