General

  • Target

    d1b3081a636169e5848796b021d3a665_JaffaCakes118

  • Size

    742KB

  • Sample

    241207-la3sdawlgs

  • MD5

    d1b3081a636169e5848796b021d3a665

  • SHA1

    c21354fb6d57025cf78858d6f56d7a50070bcc90

  • SHA256

    56c74ddbfc9aa198469fb850087f4da61b84a6988b0785cdd77a106126088716

  • SHA512

    db10e4e8db2d14c13ec350ae8528462cfdc2df5ac869a439572efaf7e0670563938eca6595ef2cb5bca6147b8bb1693337f3f1ba9122d55b3529de42b24fe3ba

  • SSDEEP

    12288:wI7XNvs/CX0dSTw5ROPcE1l3EOwQEtCFCCS9pCc4RUOoOMTozFrx4JLNuUGh2lAY:HvsKX0EwiPcKl3utCFdbcrOoOMarxoc

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Darkcomet family

    • Modifies WinLogon for persistence

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15