General

  • Target

    e61acbbe8d56d25353e59ad455fc2d0f_JaffaCakes118

  • Size

    703KB

  • Sample

    241212-nacx3atrbj

  • MD5

    e61acbbe8d56d25353e59ad455fc2d0f

  • SHA1

    8a1732f7181c45cec4392dbe6ec8bac518fa8e75

  • SHA256

    d2fae7ef9a11f7775d69a40f704e276966680da6f3789a5babfcd18fd943529a

  • SHA512

    12027b8eb60c647c2a560980c2c7cca96c65991593563af321a1dae0351b42d733f6fda68cd0fc050e4c06dfbae9480a78d1778dc725b390a58b032d87785969

  • SSDEEP

    12288:o1iq/ujdrDqfnDqPoM7yowPeLddpSa/M4bkFzK/igahDyXhGr76:o1A4f4+owyO4AFzbBhuX06

Malware Config

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Darkcomet family

    • Modifies WinLogon for persistence

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with the UPX open source packer or a modified variant of it.

MITRE ATT&CK Enterprise v15

Tasks