General

  • Target

    d443c691f304ba592dd500c6fdf08bec_JaffaCakes118

  • Size

    483KB

  • Sample

    241208-aacqeawper

  • MD5

    d443c691f304ba592dd500c6fdf08bec

  • SHA1

    1f6db40bf02a65dadfad40cb86a587f7b11bb701

  • SHA256

    9cf83059673268289d337054ceeb4af6c6a4165552cf2de4664c28d45f2462b9

  • SHA512

    6021d875e753a9152d7ece0e8856b8481c01be73d26e01869d1315308eef9c22fb377c20b3d829b0531b8672ca3234ab942c34124ba84172a15c81a737155e34

  • SSDEEP

    12288:QaZAPK8kO7CWteq1/NpckaFoBpcd1Qbl4c:QwASE74ObRNg1QT

Malware Config

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Darkcomet family

    • Modifies WinLogon for persistence

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks