General

  • Target

    da06c96b8011f3ee529c6a22686762cc_JaffaCakes118

  • Size

    252KB

  • Sample

    241209-rlsz7szqay

  • MD5

    da06c96b8011f3ee529c6a22686762cc

  • SHA1

    50b1adce619c1fb76a63c6994b52fb42f52076c9

  • SHA256

    c938ffeeab6e5984622cae44ccaf91e9133c028a9b1866033cd66194d146b0f0

  • SHA512

    65702353301be9e15b17ad39d5c8eae8986ae8aaab409b5608f04f8815c3c64df5eefff8f1238e93bb207bbbbb811620dffd7100c3e82b323c3f2aebf5bf995f

  • SSDEEP

    6144:NP7o9d/CcwUy39NgYngySfx2QI8nx8qv4GQt4N7LYw:p7sCcCL6ySfm8nyGc4pYw

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Darkcomet family

    • Modifies WinLogon for persistence

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing (running only in, or avoiding, particular regions).

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

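The four registry-based behaviours above (Winlogon modification, Run key, BIOS lookup, location lookup) can be matched with a few rules over a registry operation trace. The following is an added example, not part of the sandbox report or the Triage rule set: the trace is constructed to resemble an API-monitor registry log (operation, key, value, data), the file paths in it are invented, and the key paths are the usual locations for each behaviour, assumed here rather than read from the sample. The Winlogon rule also shows a check a practitioner wants: Userinit and Shell are written by legitimate software too, so only non-default entries are flagged.

```python
import re

# Constructed sample trace shaped like an API-monitor registry log:
# (operation, hive\key, value name, data). Not taken from the report.
SAMPLE_TRACE = [
    ("QueryValue", r"HKLM\HARDWARE\DESCRIPTION\System\BIOS",
     "SystemManufacturer", "innotek GmbH"),
    ("QueryValue", r"HKCU\Control Panel\International\Geo", "Nation", "244"),
    ("SetValue", r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon",
     "Userinit",
     r"C:\Windows\system32\userinit.exe,C:\Users\user\AppData\Roaming\update\update.exe"),
    ("SetValue", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "Update", r"C:\Users\user\AppData\Roaming\update\update.exe"),
    # Benign noise: a read that matches none of the rules.
    ("QueryValue", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced",
     "Hidden", "1"),
    # Default Userinit value written back: must not fire.
    ("SetValue", r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon",
     "Userinit", r"C:\Windows\system32\userinit.exe,"),
]

# Stock values for the two Winlogon entries malware commonly appends to.
DEFAULT_USERINIT = r"c:\windows\system32\userinit.exe"
DEFAULT_SHELL = "explorer.exe"


def _winlogon_hit(value, data):
    """True only when Userinit/Shell carries something beyond the stock entry."""
    if value.lower() == "userinit":
        entries = [e.strip().lower() for e in data.split(",") if e.strip()]
        return any(e != DEFAULT_USERINIT for e in entries)
    if value.lower() == "shell":
        return data.strip().lower() != DEFAULT_SHELL
    return False


def classify(op, key, value, data):
    """Return the report-style signature names a single registry event triggers."""
    k = key.lower()
    hits = []
    if (op == "SetValue"
            and k.endswith(r"\windows nt\currentversion\winlogon")
            and _winlogon_hit(value, data)):
        hits.append("Modifies WinLogon for persistence")
    if op == "SetValue" and re.search(r"\\currentversion\\run(once)?$", k):
        hits.append("Adds Run key to start application")
    if op == "QueryValue" and k.endswith(r"\hardware\description\system\bios"):
        hits.append("Checks BIOS information in registry")
    if (op == "QueryValue"
            and k.endswith(r"\control panel\international\geo")
            and value.lower() == "nation"):
        hits.append("Checks computer location settings")
    return hits


def triage(trace):
    """Aggregate hits over a whole trace: signature name -> list of event indexes."""
    summary = {}
    for i, (op, key, value, data) in enumerate(trace):
        for name in classify(op, key, value, data):
            summary.setdefault(name, []).append(i)
    return summary


if __name__ == "__main__":
    for name, idx in triage(SAMPLE_TRACE).items():
        print(f"{name}: events {idx}")
```

Reads such as the BIOS and Geo lookups only appear in traces from API-monitoring sandboxes; Sysmon records registry writes (create, delete, set, rename) but not queries, so the two "Checks ..." rules would need a different data source on a production host.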