General

  • Target

    d00c31822087142a7addaf6051bd0812_JaffaCakes118

  • Size

    449KB

  • Sample

    241207-bzvsysvkfr

  • MD5

    d00c31822087142a7addaf6051bd0812

  • SHA1

    c02363c122ea1a2dc1a6a48037ec7d06f3908caf

  • SHA256

    0eb05ea65682f093007fd38a0bfa99b66a3a059b54dbb8a1ce4bae7c0d890059

  • SHA512

    86152091d1df0a12c906a5f4cdb9e1e1d8f8762ec77fc4136fffadc338d0f6d5009d7c9da317cba62f161d928c61d26d155e1a1ee53ca9fb598a457743e157b6

  • SSDEEP

    12288:pVTHy8bZiuDS925JNwbdM9VQasIwe3/Sckv9Yf:phtbgr925J2baQahVMFYf

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Darkcomet family

    • Modifies WinLogon for persistence

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application