General

  • Target

    dec6b9431567bd99f11d8345e6a0b1f0_JaffaCakes118

  • Size

    1.0MB

  • Sample

    241210-2hlf3axnfm

  • MD5

    dec6b9431567bd99f11d8345e6a0b1f0

  • SHA1

    b9ea665b016ff72fa4f10821985935077cac7ee9

  • SHA256

    6c8ce9e3b990fdc66f3bc8b16400bc3d6a7d008fcbce559c4db03fce2b2997a4

  • SHA512

    887d029bb75637d80b1f20156df34bca74030b7718268c6b5d56e655bd1205ec931018ba93e5e03e5bf4939bdf8548ef1063b91c79d4d9f9b1920cf5b3161361

  • SSDEEP

    12288:taWzgMg7v3qnCiMErQohh0F4CCJ8lnyC8rdoH8DVtEH3YsITP9e+JKf3+/2D:saHMv6CorjqnyC8xlDoYsITRJKm2D

Malware Config

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Darkcomet family

    • Modifies WinLogon for persistence

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

MITRE ATT&CK Enterprise v15