General

  • Target

    df59496ce9d9eba8bfc447c066650a04_JaffaCakes118

  • Size

    737KB

  • Sample

    241211-btd81stlfp

  • MD5

    df59496ce9d9eba8bfc447c066650a04

  • SHA1

    845003070ae7d41c5770dc7805f9d880ed525f56

  • SHA256

    c6fda4c45f1df9cbcc6054256dbe73fd89a332fc8ff8552347c46a6dc364da97

  • SHA512

    eb39eefadcdb7856c4bd44cc9079c1d84093e4fc6fb3ef94a7438d24b5d3b7eaba6c5b6a8a2c81ca3ea79493e3809d611b76add347b72447935040ddbecf066b

  • SSDEEP

    12288:sJmHQJV+Q9zFIs9i3s7Q6jcIaVCc+ZfSpCzrxXUd42/RhSGnfMPxvCVEwVZCJg:sJm+zOsg3snE4c+ZfSp0rxXO42pAcK5e

Malware Config

Targets

    • Target

      df59496ce9d9eba8bfc447c066650a04_JaffaCakes118

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Darkcomet family

    • Modifies WinLogon for persistence

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Adds Run key to start application

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext
