General

  • Target

    db6ba29deac32256e74e93de3c50bedb_JaffaCakes118

  • Size

    767KB

  • Sample

    241209-zcp6yszpg1

  • MD5

    db6ba29deac32256e74e93de3c50bedb

  • SHA1

    14ac2f72e88bc7416ded3eac0c432b8f7681a87d

  • SHA256

    5a8dd6e662e77c59a4636cdbcac84f24fa11374626b47a6a8fb86cc41f340f9e

  • SHA512

    e20b455226ee1511cf331aa963fdbeae06c03dd2406c65debd9b886844c88bd2d6809f72d3faaa993515bb15d45b34757d2aa7b516f2dba471110962b7de3374

  • SSDEEP

    12288:vgeVQkTrvj4f5IUFsmzU0pA09K5Xv+lsqllCOfhw/Xw0cOhkgGob0nAjklPE1d8S:vZQkTf4f+UbTUv+aqlNhwPw0cOanTl+7

Malware Config

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Darkcomet family

    • Modifies WinLogon for persistence

    • Executes dropped EXE

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Adds Run key to start application

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext
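
Two of the signatures above, "Modifies WinLogon for persistence" and "Adds Run key to start application", describe autostart changes that can be confirmed offline from a registry export of the infected machine. The following script is an added example, not part of the Triage report and not DarkComet's own code: it parses `reg export` (.reg) text, flags any Winlogon `Userinit`/`Shell` entry beyond the Windows defaults, lists Run-key entries, and marks those whose command line references a path from the report's dropped-file list. The .reg text, the `example_dropped.exe` paths, the `ExampleUpdater` value name and the `SAMPLE_DROPPED` set are all constructed for the example; the stock Winlogon values assume the system drive is C:.

```python
"""Offline check for the Winlogon and Run-key persistence signatures.

Added example; not part of the Triage report and not DarkComet's code.
Every path, value name and the .reg text below is constructed.
"""

WINLOGON_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
RUN_KEYS = (
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
)
# Stock Winlogon values (assumes the system drive is C:). Userinit is a
# comma-separated list; every extra entry is launched at each logon.
DEFAULT_USERINIT = [r"c:\windows\system32\userinit.exe"]
DEFAULT_SHELL = ["explorer.exe"]

# Constructed .reg export, NOT taken from the analysed sample.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"
"Userinit"="C:\\Windows\\system32\\userinit.exe,C:\\Windows\\system32\\example_dropped.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="C:\\Windows\\system32\\SecurityHealthSystray.exe"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleUpdater"="\"C:\\Users\\user\\AppData\\Roaming\\example_dropped.exe\" /silent"
'''
# Constructed stand-in for the report's "drops file" entries.
SAMPLE_DROPPED = {
    r"C:\Windows\system32\example_dropped.exe",
    r"C:\Users\user\AppData\Roaming\example_dropped.exe",
}


def parse_reg_export(text):
    """Return {key_path: {value_name: data}} for REG_SZ values in .reg text."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
        elif current and line.startswith('"') and "=" in line:
            name, _, data = line.partition("=")
            name = name.strip('"')
            if data.startswith('"') and data.endswith('"'):
                # .reg escapes backslashes and quotes inside REG_SZ data.
                data = data[1:-1].replace('\\\\', '\\').replace('\\"', '"')
                keys[current][name] = data
    return keys


def _entries(value):
    """Split a Winlogon value into normalised, non-empty comma entries."""
    return [p.strip().lower() for p in value.split(",") if p.strip()]


def _references_dropped(command, dropped):
    """True if the Run command line mentions a path from the dropped-file set."""
    cmd = command.lower()
    return any(path.lower() in cmd for path in dropped)


def find_persistence(keys, dropped=frozenset()):
    """Return (technique, location, detail, verdict) tuples.

    Winlogon deviations are always 'suspicious'. Run entries are 'dropped-file'
    when they reference a sandbox-reported drop, otherwise 'review' (legitimate
    software also uses Run keys, so those still need an analyst's eyes).
    """
    findings = []
    winlogon = keys.get(WINLOGON_KEY, {})
    for value_name, default in (("Userinit", DEFAULT_USERINIT), ("Shell", DEFAULT_SHELL)):
        entries = _entries(winlogon.get(value_name, ",".join(default)))
        extra = [e for e in entries if e not in default]
        if extra:
            findings.append(("winlogon", value_name, extra, "suspicious"))
    for key in RUN_KEYS:
        for name, command in keys.get(key, {}).items():
            verdict = "dropped-file" if _references_dropped(command, dropped) else "review"
            findings.append(("run_key", f"{key}\\{name}", command, verdict))
    return findings


if __name__ == "__main__":
    for finding in find_persistence(parse_reg_export(SAMPLE_REG), SAMPLE_DROPPED):
        print(finding)
```

On the constructed export this reports the extra `Userinit` entry, the HKLM `SecurityHealth` entry for review, and the HKCU `ExampleUpdater` entry as pointing at a dropped file. Feed it the output of `reg export` for the two hives of a suspect machine and the sandbox's dropped-file paths to get the same triage on real data.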

MITRE ATT&CK Enterprise v15

Tasks