General

  • Target

    cb8d0a0d8790dc739c9ca82fd7ce9b6e_JaffaCakes118

  • Size

    766KB

  • Sample

    241206-hd943s1jan

  • MD5

    cb8d0a0d8790dc739c9ca82fd7ce9b6e

  • SHA1

    44f9aef24d039cc896cab58711977b54390f2e4c

  • SHA256

    adec931baa41ac52333c242039ba2c2d5332b3d3487a28d16bc697e3f28dba56

  • SHA512

    fdad2b5538f3de78f55ddc2bb04674f13de59f43f21b30abeeb3b4a4a159635afaa1da13e125d945fc4dfc84d3569038dca517c3cbd06adcd9fc5929e0945549

  • SSDEEP

    12288:ga8gDC8CKewouXFxbtTff1A+QqMUSSp1o6dJsoJku2cOtr0wV8noakElpvtnBDne:hCuouXJZAh/Sp1omJsAycmQwV8noaVvS

Malware Config

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Darkcomet family

    • Modifies WinLogon for persistence

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks