General

  • Target

    e1666dc9e55fc62fe75f2bfbbbf33994_JaffaCakes118

  • Size

    813KB

  • Sample

    241211-pczqaawpbp

  • MD5

    e1666dc9e55fc62fe75f2bfbbbf33994

  • SHA1

    dc3c69a69ff0864ff038b61c53f69f19d47ed80a

  • SHA256

    07827eafa7579ec17e71aed6faed2ee29eb427c589962be298e26a732ff1897d

  • SHA512

    eabd298dff4b9a342fe6f6a90f310d63e3bf25e2556191bd2ce0d4103e25dd37d51de2a5de2a59fe588810b48cd26ec1c9f34b552b4acfec958e4d89a3f9c329

  • SSDEEP

    24576:xbsRhlHPETniv6iatoAKCYblZzvOoya2T9W0SS+U/RRSj/wxVAPYYvvG:FsRhlHPETniv6iatoAKCYbl9moya2p0C

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Darkcomet family

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Suspicious use of SetThreadContext
