General

  • Target

    d7927c417e3d4da2934641d84a008e83_JaffaCakes118

  • Size

    302KB

  • Sample

    241208-r2n17awnhs

  • MD5

    d7927c417e3d4da2934641d84a008e83

  • SHA1

    b0234c7be3321053b39b77855cfe99573240c39d

  • SHA256

    9689cb65fedbd0b1cfba22cb8dba66dd9ac2c5146c4d3a00fdb7fbc60bbe4788

  • SHA512

    208dc7b2724a8295198323d0e1eb7f076781ab965a9231a14482bf97bf5502ec2bb04448c50bfb724612516b359f1d4c18cfc7f6bb65aab4714b06080b55beca

  • SSDEEP

    6144:aYhHdanjQ7VTDhT55QrHu1tIiKj+qOMlZQxdS/2sAUT6YIBa2pyyhD8Y+p:th9OjQ7VTDf5QryhKVtZQLS/u+jIBaZ5

Targets

    • Target

      d7927c417e3d4da2934641d84a008e83_JaffaCakes118

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Darkcomet family

    • Modifies WinLogon for persistence

      Winlogon values such as Userinit or Shell are changed so the payload is started at every logon.

    • Checks BIOS information in registry

      BIOS vendor and version strings in the registry are often read to detect virtualised or sandboxed environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely to geofence execution.

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

      SetThreadContext on a suspended process is typical of process hollowing (code injection).

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX build.
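The Winlogon and Run-key persistence flagged above is easy to audit offline. The following added example (my own code, not part of the sandbox report and not DarkComet's code) checks a registry snapshot for non-default Winlogon Userinit/Shell entries and for Run values that point into user-writable directories. The snapshot, the binary name winupdate.exe and the value names are constructed for illustration; only the key paths and defaults are real Windows ones.

```python
import re
from typing import Dict, List, Tuple

WINLOGON = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
# Values a clean install carries.  Userinit is a comma-separated list, so
# malware usually appends itself rather than replacing userinit.exe.
WINLOGON_DEFAULTS = {
    "Shell": ["explorer.exe"],
    "Userinit": [r"c:\windows\system32\userinit.exe"],
}
RUN_KEYS = (
    r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
)
# Directories in which a machine-wide autostart seldom lives.
USER_WRITABLE = re.compile(r"\\(AppData|Temp|ProgramData|Users\\Public)\\", re.I)

Finding = Tuple[str, str, str, str]   # key, value name, data, reason


def _parts(data: str) -> List[str]:
    """Split a comma-separated Winlogon value into normalised entries."""
    return [p.strip().strip('"').lower() for p in data.split(",") if p.strip()]


def audit(reg: Dict[str, Dict[str, str]]) -> List[Finding]:
    """Return persistence findings for a {key: {value_name: data}} snapshot."""
    findings: List[Finding] = []
    for name, default in WINLOGON_DEFAULTS.items():
        data = reg.get(WINLOGON, {}).get(name)
        if data is None:
            continue
        for entry in _parts(data):
            if entry not in default:
                findings.append((WINLOGON, name, entry, "non-default Winlogon entry"))
    for key in RUN_KEYS:
        for name, data in reg.get(key, {}).items():
            if USER_WRITABLE.search(data):
                findings.append((key, name, data, "Run entry in user-writable directory"))
    return findings


# Constructed registry snapshot (not taken from the report): Userinit has an
# appended binary and an HKCU Run value points into AppData.
SAMPLE_REG = {
    WINLOGON: {
        "Shell": "explorer.exe",
        "Userinit": r"C:\Windows\system32\userinit.exe,C:\Users\victim\AppData\Roaming\winupdate.exe",
    },
    RUN_KEYS[0]: {
        "MicroUpdate": r"C:\Users\victim\AppData\Roaming\winupdate.exe",
    },
    RUN_KEYS[1]: {
        "SecurityHealth": r"C:\Windows\system32\SecurityHealthSystray.exe",
    },
}

if __name__ == "__main__":
    for key, name, data, why in audit(SAMPLE_REG):
        print(f"{why}: {key}\\{name} = {data}")
```

Per-user applications such as OneDrive legitimately start from AppData, so in practice the Run-key rule needs an allowlist of known binaries; the Winlogon rule has no such noise, because anything beyond the defaults is a change somebody made.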

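The UPX signature rests on observables you can reproduce without the sandbox. The added example below (my own code, not the sandbox's detection rule) parses a PE section table with struct and reports the usual UPX indicators: UPX0/UPX1 section names, the UPX! packer-header marker, and a first section with a large virtual size but no raw data. The minimal PE headers produced by build_pe are constructed test inputs; the sample on this report is not included.

```python
import struct
from typing import List, Tuple

Section = Tuple[str, int, int]   # name, VirtualSize, SizeOfRawData


def parse_sections(data: bytes) -> List[Section]:
    """Walk the PE section table by hand (no pefile needed)."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # COFF header follows the signature: NumberOfSections at +2 and
    # SizeOfOptionalHeader at +16 within it.
    n_sections = struct.unpack_from("<H", data, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    table = e_lfanew + 24 + opt_size
    out: List[Section] = []
    for i in range(n_sections):
        off = table + 40 * i          # IMAGE_SECTION_HEADER is 40 bytes
        if off + 40 > len(data):
            raise ValueError("section table truncated")
        name, vsize, _va, rawsize = struct.unpack_from("<8sIII", data, off)
        out.append((name.split(b"\0", 1)[0].decode("ascii", "replace"), vsize, rawsize))
    return out


def upx_indicators(data: bytes) -> List[str]:
    """Return the reasons a file looks UPX-packed; an empty list means none."""
    secs = parse_sections(data)
    names = [s[0] for s in secs]
    hits: List[str] = []
    upx_names = [n for n in names if n.startswith("UPX")]
    if upx_names:
        hits.append("section names " + "/".join(upx_names))
    if b"UPX!" in data:
        hits.append("UPX! packer-header marker present")
    # Weak indicator: stock UPX leaves the first section (the unpack target)
    # with a large VirtualSize and no raw data.  Debug builds with .textbss do
    # the same, so treat this as corroborating evidence only.
    if len(secs) >= 2 and secs[0][2] == 0 and secs[0][1] > 0 and secs[1][2] > 0:
        hits.append("first section has VirtualSize %#x but no raw data" % secs[0][1])
    return hits


def build_pe(sections) -> bytes:
    """Constructed minimal PE32 header with the given (name, VirtualSize,
    SizeOfRawData) sections.  Not loadable; just enough for the parser."""
    hdr = bytearray(0x40)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)                      # e_lfanew
    hdr += b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0xE0, 0x102)
    hdr += bytes(0xE0)                                           # zeroed optional header
    va = 0x1000
    for name, vsize, rawsize in sections:
        hdr += struct.pack("<8sIIIIIIHHI", name, vsize, va, rawsize, 0x400, 0, 0, 0, 0, 0x60000020)
        va += vsize
    return bytes(hdr)


# Constructed inputs: a stock UPX layout, an unpacked binary, and a build
# whose sections were renamed but whose packer header marker was left in.
UPX_SAMPLE = build_pe([(b"UPX0", 0x30000, 0), (b"UPX1", 0x12000, 0x11A00), (b".rsrc", 0x2000, 0x1800)])
PLAIN_SAMPLE = build_pe([(b".text", 0x5000, 0x5000), (b".data", 0x1000, 0x400), (b".rsrc", 0x800, 0x800)])
RENAMED_SAMPLE = build_pe([(b".code", 0x30000, 0), (b".init", 0x12000, 0x11A00)]) + b"UPX!"

if __name__ == "__main__":
    for label, blob in (("upx", UPX_SAMPLE), ("plain", PLAIN_SAMPLE), ("renamed", RENAMED_SAMPLE)):
        print(label, parse_sections(blob), upx_indicators(blob) or "no UPX indicators")
```

Run it against a real file with `upx_indicators(open(path, "rb").read())`; a modified packer that renames the sections, strips the marker and pads the first section will slip past all three checks, which is why section entropy is the usual next step.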