General

  • Target

    d1a81adcb2b654ac92172655905d21f3_JaffaCakes118

  • Size

    1.4MB

  • Sample

    241207-k3t59svrhw

  • MD5

    d1a81adcb2b654ac92172655905d21f3

  • SHA1

    76c49ad0511f2b0d2dedac0bbb37c6965f9bb419

  • SHA256

    ba9ef84922ff0787de3e1c0cd23aedc711ba98694a92552941508372edadecac

  • SHA512

    3cfb2409e94398b01db9dc462f0000143473e84ff67a60ec59b03b785f86e491308d22625cee36c9cd82f909e725793f70c6323f3d0b86898e4438938bec096d

  • SSDEEP

    24576:saHMv6CorjqnyC8xlDG75HN8+zCD2i/x0HJ9tgPTtbN:s1vqjdC8PDeHN8+k2iKpmR
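As an added example (written for this page, not part of the sandbox report or of any analysis tool), the following Python verifies a local copy of a sample against the digests listed above and parses the SSDEEP value into its block size and two chunk strings. The helper names and the file-path argument are assumptions; the digest and SSDEEP values are copied from the report. It also encodes the SSDEEP rule that two fuzzy hashes can only be scored against each other when their block sizes are equal or differ by exactly a factor of two.

```python
"""Check a file against the digests reported above and parse its SSDEEP.

Editor-added example, not code from the report or from any sandbox.
"""
import hashlib
import re

# Values copied verbatim from the report above.
REPORT = {
    "md5": "d1a81adcb2b654ac92172655905d21f3",
    "sha1": "76c49ad0511f2b0d2dedac0bbb37c6965f9bb419",
    "sha256": "ba9ef84922ff0787de3e1c0cd23aedc711ba98694a92552941508372edadecac",
    "sha512": "3cfb2409e94398b01db9dc462f0000143473e84ff67a60ec59b03b785f86e491"
              "308d22625cee36c9cd82f909e725793f70c6323f3d0b86898e4438938bec096d",
    "ssdeep": "24576:saHMv6CorjqnyC8xlDG75HN8+zCD2i/x0HJ9tgPTtbN:s1vqjdC8PDeHN8+k2iKpmR",
}

DIGEST_ALGOS = ("md5", "sha1", "sha256", "sha512")

# SSDEEP format: <blocksize>:<chunk at blocksize>:<chunk at 2*blocksize>,
# chunks use the base64 alphabet. Valid block sizes are 3 * 2^n.
_SSDEEP_RE = re.compile(r"^(\d+):([A-Za-z0-9+/]*):([A-Za-z0-9+/]*)$")


def digests(data: bytes) -> dict:
    """Compute the four cryptographic digests the report lists, as lowercase hex."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in DIGEST_ALGOS}


def compare_digests(found: dict, report: dict) -> dict:
    """Per-algorithm match result; whitespace and case in the report are ignored."""
    return {
        algo: found[algo].lower() == report[algo].strip().lower()
        for algo in found
        if algo in report
    }


def parse_ssdeep(value: str) -> tuple:
    """Split an SSDEEP string into (blocksize, chunk1, chunk2), validating the block size."""
    m = _SSDEEP_RE.match(value.strip())
    if not m:
        raise ValueError("not an ssdeep hash: %r" % value)
    blocksize = int(m.group(1))
    power = blocksize // 3
    if blocksize % 3 != 0 or power == 0 or power & (power - 1):
        raise ValueError("ssdeep block size must be 3 * 2^n, got %d" % blocksize)
    return blocksize, m.group(2), m.group(3)


def ssdeep_comparable(a: str, b: str) -> bool:
    """ssdeep only scores two hashes whose block sizes are equal or differ by 2x."""
    bs_a = parse_ssdeep(a)[0]
    bs_b = parse_ssdeep(b)[0]
    return bs_a == bs_b or bs_a == 2 * bs_b or bs_b == 2 * bs_a


def check_file(path: str, report: dict = REPORT) -> dict:
    """Hash a local file and report which of the listed digests it matches (assumed path)."""
    with open(path, "rb") as fh:
        data = fh.read()
    return compare_digests(digests(data), report)


if __name__ == "__main__":
    import sys
    # Usage: python check_sample.py <path-to-sample>
    results = check_file(sys.argv[1])
    for algo, ok in results.items():
        print("%-6s %s" % (algo, "match" if ok else "MISMATCH"))
    print("ssdeep parsed:", parse_ssdeep(REPORT["ssdeep"]))
```

A mismatch on any one digest with matches on the others is worth noticing: it usually means a copy/paste error in the report rather than a different file, since the four algorithms are independent. The SSDEEP block size of 24576 (3 * 2^13) is a rough proxy for input size and is what decides which other fuzzy hashes this one can be scored against at all.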

Malware Config

Targets

    • Target

      d1a81adcb2b654ac92172655905d21f3_JaffaCakes118

    • Size

      1.4MB

    • MD5

      d1a81adcb2b654ac92172655905d21f3

    • SHA1

      76c49ad0511f2b0d2dedac0bbb37c6965f9bb419

    • SHA256

      ba9ef84922ff0787de3e1c0cd23aedc711ba98694a92552941508372edadecac

    • SHA512

      3cfb2409e94398b01db9dc462f0000143473e84ff67a60ec59b03b785f86e491308d22625cee36c9cd82f909e725793f70c6323f3d0b86898e4438938bec096d

    • SSDEEP

      24576:saHMv6CorjqnyC8xlDG75HN8+zCD2i/x0HJ9tgPTtbN:s1vqjdC8PDeHN8+k2iKpmR

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Darkcomet family

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check that decides whether the payload runs on this host.

    • Executes dropped EXE

    • Loads dropped DLL

    • AutoIT Executable

      The sample is an AutoIt script compiled into a PE executable; the script, not the PE wrapper, carries the actual behaviour.

    • Suspicious use of SetThreadContext

      Rewriting another thread's context is characteristic of process hollowing and related code-injection techniques, and fits the dropped executable noted above being used as a host for the payload.

MITRE ATT&CK Enterprise v15

Tasks