General

  • Target

    dfabb9262066bbbbb9e64472e5cb8e9b_JaffaCakes118

  • Size

    714KB

  • Sample

    241211-dqxx3ayjdj

  • MD5

    dfabb9262066bbbbb9e64472e5cb8e9b

  • SHA1

    c1e3344b13cd6740dc8b266a23c80de82c0a69a3

  • SHA256

    c0e3874a1e2e8ea6dc47d5a182fbfb3ff73de60c488e2deedafaff4e58d5bfb1

  • SHA512

    51828ac38974ad54eaa404997e616b6b1cf6ca3539e5925f25939eab3ba99e35f6db5891a099c3b75f327148a014dc510fa44fc5f54fdb1f7f1dbb31bdf1aa4d

  • SSDEEP

    12288:SaAchpWsuVTv7ItY8XljyypHP7cOLBev03hlULsmWZ++09ZcKDVsgdP:DAEENIq8XwyVPQclDq/+WnpsSP

Malware Config

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Darkcomet family

    • Modifies WinLogon for persistence

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks