General

  • Target

    d4bee2f5a634f3b857869f6f64ee0ad7_JaffaCakes118

  • Size

    403KB

  • Sample

    241208-cl3r3swqfv

  • MD5

    d4bee2f5a634f3b857869f6f64ee0ad7

  • SHA1

    2d4cda955bc6bbba8809603cb77b67f8f52f240d

  • SHA256

    b97ecb6f21b036150b573f4fb698203f466830476e861b78ebdfc3783237eed5

  • SHA512

    3348620d03d5d84c27c0df3fbbe0f7e9f273430b1cfff5141116fcaef94e33b40ff26f22421cb9172ca69d4a87d913be62b1057f5ba3712709ac51f991a49c61

  • SSDEEP

    12288:ybxmzF9k0IZvQu85iGFoVs4ts/IHPCY35hh:ye3Lt5J2Xts/GqY3l

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Darkcomet family

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX variant.
