General

  • Target

    dce78c1bc01875e17e404720fd1c252d_JaffaCakes118

  • Size

    659KB

  • Sample

    241210-ehmb2atjbs

  • MD5

    dce78c1bc01875e17e404720fd1c252d

  • SHA1

    5e2a78a3ca1c8a01d1abe467df5cbea0c73e3a68

  • SHA256

    5a41df08f0a1e554c8a54ad710ea35d806399b2bd38700845837745ba2b8baf3

  • SHA512

    8ffb84873a1e90cc037284028dfc8a99194eeccd410c3c598f8a9d874fb4eaa5e14cd5628a78155fdadc8b46351aaec1d8a5493209416b3411052a81dc72c36c

  • SSDEEP

    12288:59AFlAd0Z+89cxTGzO4AucTD8QP2lmFSrVs9LqnKO:/AQ6Zx9cxTmOrucTIEFSpOGn

Malware Config

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Darkcomet family

    • Modifies WinLogon for persistence

    • Modifies firewall policy service

    • Windows security bypass

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Adds Run key to start application

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks