General

  • Target

    d41ed77934a8a460388fa983451e5519_JaffaCakes118

  • Size

    1.5MB

  • Sample

    241207-3bqb4svldk

  • MD5

    d41ed77934a8a460388fa983451e5519

  • SHA1

    c320eb7eef84c885c0fa2df0bd132beca04d5a1d

  • SHA256

    a883e11651dc14621a4c8659a09311b418d1d1df4f9a0f3124aae9e5530f1d53

  • SHA512

    39f92fd7b9bccd1a8d01ab2207e7c46eedc172fe054bd4098c83127472059ba8332256c0e716c4381d38e8b89cd4f7e36d303d3812607150729f8baea913c04c

  • SSDEEP

    24576:lD6nlaEHWNLLWB3yayyno8M2uwW4uQyQgN/b7NHOAmA+7ed6BpGPL1fq4rpr4c:lD6BHwKBiaDm2uwWfYA304Nr4

Malware Config

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Darkcomet family

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

MITRE ATT&CK Enterprise v15

Tasks