General

  • Target

    d3398c0f3840bd9f87a7cbc161c7a525_JaffaCakes118

  • Size

    688KB

  • Sample

    241207-x3bedatrhq

  • MD5

    d3398c0f3840bd9f87a7cbc161c7a525

  • SHA1

    482006b6d7e63f08376ccb36c0ddcac005ad052d

  • SHA256

    1fa7e74c0d21f999c2f9ad0c080e324ac02b667d1b4814e766d55311b919c17f

  • SHA512

    eb327bb376b54ee101f94999609bd3f7119edbaf9e5b6e214e1d1dd67349595e8fc67575904892b018fc39267d8d9dd30d4c9184580ec4f620c9e5516ac0b0e6

  • SSDEEP

    12288:dzfULRmROHbwBqtOxbvuhgMtS/42LBEKIT87S0+ONA1TPK5LapDZrW:VfaR9GqcuKh/42tE/O+OuuyDZy

Malware Config

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Darkcomet family

    • Modifies WinLogon for persistence

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofencing check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks