General

  • Target

    d72d4fa102e2e46cc1a3153f68eae4f7_JaffaCakes118

  • Size

    812KB

  • Sample

    241208-qasdvsyqcq

  • MD5

    d72d4fa102e2e46cc1a3153f68eae4f7

  • SHA1

    a43588d0cf65fe5a1c18edd8223485d0f9d093f2

  • SHA256

    c961504e0161888d7a137cc6ff8a609c8477711b5e6c70614867345a91184451

  • SHA512

    a6a6370cb3f602b52213aa8cc6e6f919e507190436611c25806909b28cb2b1925ce190a8945d3973a7bc353c39387b3d013ed0ffb7665e17106f30a066ef2ba5

  • SSDEEP

    12288:kaAchpWsuVTv7ItY8XljyypHP7cOLBev03hlULsmWZ++09ZcKDVsgdT:VAEENIq8XwyVPQclDq/+WnpsS

Malware Config

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Darkcomet family

    • Modifies WinLogon for persistence

    • Modifies security service

    • Windows security bypass

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofencing check.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks