General

  • Target

    d07bcdb36f35bf24e342d79b283d4736_JaffaCakes118

  • Size

    757KB

  • Sample

    241207-d76xasznhp

  • MD5

    d07bcdb36f35bf24e342d79b283d4736

  • SHA1

    86846508139a6cc8c576cd10f86bda2096e6048e

  • SHA256

    e7813efc004e1fe87183364305a71cf4e71a4982d9c9db256e832d9ae33f5cdb

  • SHA512

    5f3e1449187497264f7ba726887141af7a66aa63676f17229212e79c0b15959016f1917ab9c0dca80df0d61e9dee3bfe63372e8911edb4bcb31d9b6d2a34f6ee

  • SSDEEP

    12288:x9AFlAd0Z+89cxTGzO4AucTD8QP2lmFSrVs9LqnKUG:HAQ6Zx9cxTmOrucTIEFSpOG8

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Darkcomet family

    • Modifies WinLogon for persistence

    • Modifies firewall policy service

    • Modifies security service

    • Windows security bypass

    • Disables RegEdit via registry modification

    • Disables Task Manager via registry modification

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Deletes itself

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15