General

  • Target

    d0d8f7a2369d3a4feaaedda235c3f065_JaffaCakes118

  • Size

    270KB

  • Sample

    241207-f356batpgj

  • MD5

    d0d8f7a2369d3a4feaaedda235c3f065

  • SHA1

    d401c14ba10b442ed79ef6bfff232622fc43fee2

  • SHA256

    4696e768d1f62301de94f8af69ccd28f70feb361951f2c8d1654a4b4ffceee42

  • SHA512

    3f5c6193a7ce09bd8f435319ddff36a5f1fc69627dcc1a4a9ec2b38c90c0ea32fc5f39478c926a21eff18a4f483a07519a54c61770a8baf002cabd889f718a87

  • SSDEEP

    6144:p9RzTEQzbOU1KePhG0bXe/RzXY1iqG2PsRLEj:Z/9zbThhG0relIREEj

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Darkcomet family

    • Modifies WinLogon for persistence

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
