General

  • Target

    dfe9edfceb1ca6ebb94dd18919bfadeb_JaffaCakes118

  • Size

    1.3MB

  • Sample

    241211-e9q5as1qdq

  • MD5

    dfe9edfceb1ca6ebb94dd18919bfadeb

  • SHA1

    178d4e316cdd7b707089928f6beaa91314eec834

  • SHA256

    5c64f7f80b09582f6ad8049c4b7e9ea5ab62006630df5941a6733544fce5940d

  • SHA512

    602746e05e90aa48288658bd97df8488a443d82c7f808294bb946435a1c8fcaa715e42711a62a4e455a5f8a918c3169aedabed7a073e1a66e959c2aab3e8071c

  • SSDEEP

    24576:u2EBg1IYJE7MyO1RnYBRIKJhbO+jqM72mKePXVhZU0WABFlPF:S4JE7MRjYBRIKJ5Osr7cMFfU0nBFNF

Malware Config

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Darkcomet family

    • Modifies WinLogon for persistence

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, and it can be used as a sandboxing environment.

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks