General

  • Target

    cd65090fdc970524f35f3a2b2f1595fd_JaffaCakes118

  • Size

    635KB

  • Sample

    241206-repdfa1law

  • MD5

    cd65090fdc970524f35f3a2b2f1595fd

  • SHA1

    1c6625d8507477abf087e825b54a099f46b04514

  • SHA256

    522f7075dae8aa960da346bfc6c5bb556c8414f2aebb3d2f55df0298b9d960d9

  • SHA512

    4b9f29a0793b80d37c7f1183755b185f33a2ceb3adea4ec521d31e3dde4ac48d7a150406ad980d5d6b7c874a29935d46908d27b6f127cdfde119ed330014074e

  • SSDEEP

    12288:npwABK90BOe/x9lPAYvxPQVjdsAY2XjWlnlpTMMXG91uhKIXn/4:pwAcu99lPzvxP+Bsz2XjWTRMQckkIXng

Malware Config

Targets

    • Target

      cd65090fdc970524f35f3a2b2f1595fd_JaffaCakes118

    • Size

      635KB

    • MD5

      cd65090fdc970524f35f3a2b2f1595fd

    • SHA1

      1c6625d8507477abf087e825b54a099f46b04514

    • SHA256

      522f7075dae8aa960da346bfc6c5bb556c8414f2aebb3d2f55df0298b9d960d9

    • SHA512

      4b9f29a0793b80d37c7f1183755b185f33a2ceb3adea4ec521d31e3dde4ac48d7a150406ad980d5d6b7c874a29935d46908d27b6f127cdfde119ed330014074e

    • SSDEEP

      12288:npwABK90BOe/x9lPAYvxPQVjdsAY2XjWlnlpTMMXG91uhKIXn/4:pwAcu99lPzvxP+Bsz2XjWTRMQckkIXng

    • Darkcomet

      DarkComet is a remote access trojan (RAT) written by Jean-Pierre Lesueur (DarkCoderSc). Its builder lets an operator configure persistence, the injection target and the C2 address, so the registry, file and injection behaviour listed below is characteristic of the family rather than unique to this sample.

    • Darkcomet family

    • Modifies WinLogon for persistence

      The usual technique is to change the Userinit or Shell value under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon so the payload runs at every interactive logon (MITRE ATT&CK T1547.004). Compare the values against the clean defaults: Userinit is C:\Windows\system32\userinit.exe, (with the trailing comma; malware appends its own path after it) and Shell is explorer.exe.

    • Checks BIOS information in registry

      Reading BIOS strings is a common sandbox/VM check (MITRE ATT&CK T1497.001): the sample queries values such as SystemManufacturer, SystemProductName or BIOSVendor under HKLM\HARDWARE\DESCRIPTION\System\BIOS, or SystemBiosVersion and VideoBiosVersion under HKLM\HARDWARE\DESCRIPTION\System, and looks for strings such as VMware, VirtualBox, innotek, QEMU, Xen or Hyper-V. On a match the sample typically exits or stalls, so the behaviour recorded here may be incomplete on a VM that leaks these strings.

    • Adds Run key to start application

      An autostart entry is written under HKCU or HKLM \Software\Microsoft\Windows\CurrentVersion\Run (MITRE ATT&CK T1547.001); the value data gives the on-disk path of the persisted copy, which is the indicator to hunt for on other hosts.

    • Drops file in System32 directory

      Writing into %SystemRoot%\System32 requires administrative rights, so a successful drop indicates the sample ran elevated in the sandbox; on 64-bit Windows a 32-bit process is redirected to SysWOW64 unless it disables file system redirection.

    • Suspicious use of SetThreadContext

      Calling SetThreadContext on a thread in another process is the characteristic final step of process hollowing (MITRE ATT&CK T1055.012): the loader creates a target process suspended, overwrites its image with the payload, points the main thread's context (entry register or instruction pointer) at the injected code, and calls ResumeThread. The hollowed process then carries the RAT under a legitimate-looking image name, so memory of the target, not its file on disk, is what to scan.
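
The following is an added example and not code from the sandbox report, from the Triage signature engine or from DarkComet itself. It turns the three registry-related signatures above (Winlogon change, Run key, BIOS check) into a host triage check that runs over a snapshot of registry values. The input is a plain dict standing in for parsed "reg query" output; every key path, value name and sample value in it is an assumption constructed for illustration, not an indicator taken from the report.

```python
"""Added example: triage a registry snapshot for the persistence and
sandbox-evasion behaviours listed in the report. The snapshot format and all
sample values are constructed assumptions, not data from the report."""
import re

WINLOGON = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
RUN_KEYS = (
    r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
)
BIOS_KEYS = (
    r"HKLM\HARDWARE\DESCRIPTION\System",
    r"HKLM\HARDWARE\DESCRIPTION\System\BIOS",
)
# Clean Windows defaults for the two Winlogon values persistence usually hijacks.
# Userinit legitimately ends with a trailing comma; malware appends after it.
WINLOGON_DEFAULTS = {
    "Userinit": r"c:\windows\system32\userinit.exe,",
    "Shell": "explorer.exe",
}
# Hypervisor strings a BIOS sandbox check typically looks for (T1497.001).
VM_VENDOR_RE = re.compile(
    r"vmware|virtualbox|vbox|innotek|qemu|bochs|xen|hyper-v|parallels", re.I)
# User-writable locations an autostart entry should be questioned for.
# This is a triage hint, not a verdict: some legitimate per-user installs live here too.
USER_WRITABLE_RE = re.compile(r"\\(appdata|temp|programdata|users\\public)\\", re.I)


def check_winlogon(reg):
    """Flag Userinit/Shell values that deviate from the defaults (T1547.004)."""
    findings = []
    for name, default in WINLOGON_DEFAULTS.items():
        val = reg.get(WINLOGON, {}).get(name)
        if val is not None and val.strip().lower() != default:
            findings.append(f"Winlogon\\{name} = {val!r} (T1547.004)")
    return findings


def check_run_keys(reg):
    """Flag Run-key entries whose command lives in a user-writable directory (T1547.001)."""
    findings = []
    for key in RUN_KEYS:
        for name, cmd in reg.get(key, {}).items():
            if USER_WRITABLE_RE.search(cmd):
                findings.append(f"{key}\\{name} = {cmd!r} (T1547.001)")
    return findings


def looks_like_vm(reg):
    """The same decision a sample makes before running: True when any
    BIOS/system string in the snapshot names a known hypervisor."""
    return any(
        VM_VENDOR_RE.search(val)
        for key in BIOS_KEYS
        for val in reg.get(key, {}).values()
    )


def triage(reg):
    """All persistence findings for one host's registry snapshot."""
    return check_winlogon(reg) + check_run_keys(reg)


# Constructed snapshot of an infected machine running under VirtualBox
# (illustrative paths and names; not indicators from the report).
INFECTED_VM = {
    WINLOGON: {
        "Userinit": r"C:\Windows\system32\userinit.exe,C:\Users\Public\winupdate.exe",
        "Shell": "explorer.exe",
    },
    RUN_KEYS[0]: {
        "WinUpdate": r"C:\Users\bob\AppData\Roaming\WinUpdate\winupdate.exe",
    },
    RUN_KEYS[1]: {"SecurityHealth": r"C:\Windows\system32\SecurityHealthSystray.exe"},
    BIOS_KEYS[1]: {"SystemManufacturer": "innotek GmbH", "SystemProductName": "VirtualBox"},
}

# Constructed snapshot of a clean physical host.
CLEAN_HOST = {
    WINLOGON: {"Userinit": r"C:\Windows\system32\userinit.exe,", "Shell": "explorer.exe"},
    RUN_KEYS[1]: {"SecurityHealth": r"C:\Windows\system32\SecurityHealthSystray.exe"},
    BIOS_KEYS[1]: {"SystemManufacturer": "Dell Inc.", "SystemProductName": "Latitude 7420"},
}

if __name__ == "__main__":
    for label, snap in (("infected VM", INFECTED_VM), ("clean host", CLEAN_HOST)):
        print(f"{label}: hypervisor strings present = {looks_like_vm(snap)}")
        for finding in triage(snap):
            print("  ", finding)
```

On the constructed infected snapshot the Winlogon Userinit append and the AppData Run entry are both reported while the built-in SecurityHealth entry is not; the clean snapshot produces no findings. looks_like_vm shows why the BIOS signature matters for reading the rest of the report: if the sandbox exposes the hypervisor vendor in these values, a sample with that check can simply exit and the recorded behaviour will be incomplete.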

MITRE ATT&CK Enterprise v15

Tasks