General

  • Target

    d2e1279e61209fcd2b6800619b35de96_JaffaCakes118

  • Size

    860KB

  • Sample

    241207-rlm4yszncl

  • MD5

    d2e1279e61209fcd2b6800619b35de96

  • SHA1

    2139e199779760f7383b8ddf5259c68469cdf39b

  • SHA256

    d15ec56fed5cb72ac722cf5801e1ae1ff4fa5b85c43df5d05866c932c35b741c

  • SHA512

    ba6fa0d79d78534280511cee17885f4c36f7228625fa7e4b8f4d978073baa71ffd9a0ce2a8cf2a39df65ddfdb1b5e6b5a546342df02c8efec9f06657a965b2bc

  • SSDEEP

    24576:rjdZ0OxBSGocUvdM6AnkGweI9bOyctOMOn:rbdjSGocsyLnk1JFOl3On

Malware Config

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Darkcomet family

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks