General

  • Target

    d3d9946a31788e942a5be610403c438b_JaffaCakes118

  • Size

    909KB

  • Sample

    241207-13jmja1rhn

  • MD5

    d3d9946a31788e942a5be610403c438b

  • SHA1

    2522f9e1026bfbb484dc49195bb748bc1fa18697

  • SHA256

    0f064e59e76ae6dbf98f7638c9081949de309e94a3003efd60ee5f4100394b42

  • SHA512

    dcb5471edf7d146dd95b47c07d72ceb91da044ba005e9c7380ce601c7ee3bc8202664c1e2884e5ddafce182d43880ac4423cc093803991a4ec77ddc4e9a9ac29

  • SSDEEP

    24576:k4XNr/j01fyF7bjVEBRHTnJyvSRzmNX6MPDmPQe:kmjKfEfjqpzz26aj

Malware Config

Targets

    • Target

      d3d9946a31788e942a5be610403c438b_JaffaCakes118

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Darkcomet family

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Uses the VBS compiler for execution

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks