General

  • Target

    de4827e4879fc14a65133478895bf742_JaffaCakes118

  • Size

    766KB

  • Sample

    241210-x2bzhsznhn

  • MD5

    de4827e4879fc14a65133478895bf742

  • SHA1

    38ca0f794976147b3cb56e5bddebe292ce3b11c9

  • SHA256

    125aa1a042a5b5fd47979b612930348bfd2bc03cc8a7198535a576439a78a0c2

  • SHA512

    4bca18d80bcf8b8c946d3d8878b3e3a1c2725c20c41d51b38c138255810eaa329b2968c561cc3efca0a0dc063a646c53ab4b580f27c2d8b50320bb44e4abf90e

  • SSDEEP

    12288:/Muo3R2vENhB8JnOA2IVyhXF132N1eNSVUt29MW2SdKO8VdsJkl7+G07FKH83bqM:/lo3R2vcB8JOAg1gNAgOI912SgZVdsJB

Targets

    • Target

      de4827e4879fc14a65133478895bf742_JaffaCakes118

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Darkcomet family

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX build.
