General

  • Target

    e3ac086e05519d02d084b21de51612ba_JaffaCakes118

  • Size

    740KB

  • Sample

    241211-3eygwswrdl

  • MD5

    e3ac086e05519d02d084b21de51612ba

  • SHA1

    db22753a6d45ad3f7643be0bb3deefe088bfc976

  • SHA256

    93ebe4ba70b2d0b1d256d395fcc1bdca173ac7c1840bf92baaa5daf3f905c89f

  • SHA512

    ef8c9b8029893e23afe72b36bb836045f66ddb4881e6555a0dfce5f3fe093bc051c9df360d923fc0100b07ac5764210298dab9deaf83e677bfee6c8ea41cee48

  • SSDEEP

    12288:XMMz37ac3XEDhkx9vFD5PJ8FSwq0TqvG7V1UnjrsaWgz/Hdsaeh3x:XZz37acHENkjvvPqFSwq0TquR1YAaWG2

Malware Config

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Darkcomet family

    • Windows security bypass

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks