Resubmissions

10-12-2024 23:00

241210-2y3qaatmcz 10

General

  • Target

    dedd075c79305e69cf9cec3c757ecd89_JaffaCakes118

  • Size

    532KB

  • Sample

    241210-2y3qaatmcz

  • MD5

    dedd075c79305e69cf9cec3c757ecd89

  • SHA1

    1e39c5446aa23168c8a549907a237c1cbf246f21

  • SHA256

    bca9c9b7d76727bc66cdccd93d506b11f8784e1ffa38b1b124a4c25f75aa7b3d

  • SHA512

    193dbb20c33eccaa76dcd8a501034c16e81a78e3fa260834085bf871e86fb79cbe68e756d1783ececef903f21bcc32d74d2889da3b4a3ff848e7a1f69b147c98

  • SSDEEP

    12288:yboBeI1XTheTFJubyk2CK9oi/HwxH+iey27nCz:1kIthKrutMb/HtieB

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Darkcomet family

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
