General

  • Target

    e7c225008df3ce32c2100db88f750772_JaffaCakes118

  • Size

    251KB

  • Sample

    241212-xdg6mavpaj

  • MD5

    e7c225008df3ce32c2100db88f750772

  • SHA1

    479e07478d2f05f584765a78ad135e518dd76c44

  • SHA256

    2a58986678032748ea8a1179faf8b925069de84ac92f7de852547515ed8f9122

  • SHA512

    aa1683754279058cca005fa84ac534537696d8dbbdbb668c0713d458525ea87865b5476720bd151ea550213fea0150861a83986ef083b49292b021740371cda2

  • SSDEEP

    6144:EYqt/vTpwbGgq7Sherr7nVHQr41qEk+i:HqtT2ag1errrV6CHk

Targets

    • Target

      e7c225008df3ce32c2100db88f750772_JaffaCakes118

    • Size

      251KB

    • MD5

      e7c225008df3ce32c2100db88f750772

    • SHA1

      479e07478d2f05f584765a78ad135e518dd76c44

    • SHA256

      2a58986678032748ea8a1179faf8b925069de84ac92f7de852547515ed8f9122

    • SHA512

      aa1683754279058cca005fa84ac534537696d8dbbdbb668c0713d458525ea87865b5476720bd151ea550213fea0150861a83986ef083b49292b021740371cda2

    • SSDEEP

      6144:EYqt/vTpwbGgq7Sherr7nVHQr41qEk+i:HqtT2ag1errrV6CHk

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Darkcomet family

    • Modifies firewall policy service

    • Modifies security service

    • Windows security bypass

    • Disables RegEdit via registry modification

    • Disables Task Manager via registry modification

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution to (or away from) particular countries.

    • Executes dropped EXE

    • Windows security modification

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX or a modified build of the UPX open-source packer.
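The registry-related signatures above (RegEdit and Task Manager disabled, firewall policy and security service modified, BIOS and location lookups) all come from the sample's registry reads and writes. The following is an added example, not the sandbox's own signature engine and not code from this report: it maps raw registry events to those signature names so the same checks can be run over an event log offline. The policy, firewall, hardware and Geo key paths are the standard Windows locations; treating writes under `SOFTWARE\Microsoft\Security Center` as the "Modifies security service" trigger is an assumption, and the `EVENTS` list is constructed to resemble what this kind of sample produces.

```python
"""Map sandbox registry events to the behavioural signatures listed in the report.

Added example, not the sandbox's own signature logic. Event records are constructed.
"""
from dataclasses import dataclass
from typing import Any, Callable, Dict, List, Optional, Set, Tuple


@dataclass(frozen=True)
class RegEvent:
    op: str            # "set" (RegSetValue) or "query" (RegQueryValue)
    key: str           # full key path as logged by the sandbox
    value: str         # value name
    data: Any = None   # data written on a "set"; None on a "query"


def norm_key(key: str) -> str:
    """Lower-case and unify separators so hive aliases (HKCU\\, \\REGISTRY\\USER\\S-1-5-...\\)
    all work with suffix matching on the interesting part of the path."""
    return key.replace("/", "\\").lower().strip("\\")


def nonzero(data: Any) -> bool:
    # DisableRegistryTools=1 or 2 and DisableTaskMgr=1 disable the tool; 0 restores it.
    return data not in (None, 0, "0")


# (signature name, op, key fragment, accepted value names or None for any, data predicate or None)
Rule = Tuple[str, str, str, Optional[Set[str]], Optional[Callable[[Any], bool]]]

RULES: List[Rule] = [
    ("Disables RegEdit via registry modification", "set",
     "software\\microsoft\\windows\\currentversion\\policies\\system", {"disableregistrytools"}, nonzero),
    ("Disables Task Manager via registry modification", "set",
     "software\\microsoft\\windows\\currentversion\\policies\\system", {"disabletaskmgr"}, nonzero),
    ("Modifies firewall policy service", "set",
     "services\\sharedaccess\\parameters\\firewallpolicy", None, None),
    # Assumption: Security Center notification values are what this signature keys on.
    ("Modifies security service", "set",
     "software\\microsoft\\security center", None, None),
    ("Checks BIOS information in registry", "query",
     "hardware\\description\\system", {"systembiosversion", "systembiosdate", "videobiosversion"}, None),
    ("Checks computer location settings", "query",
     "control panel\\international\\geo", {"nation"}, None),
]


def match_rule(rule: Rule, ev: RegEvent) -> bool:
    _, op, fragment, names, predicate = rule
    if ev.op != op or fragment not in norm_key(ev.key):
        return False
    if names is not None and ev.value.lower() not in names:
        return False
    return predicate is None or predicate(ev.data)


def triage(events: List[RegEvent]) -> Dict[str, List[RegEvent]]:
    """Return {signature name: [matching events]} for every rule that fired."""
    hits: Dict[str, List[RegEvent]] = {}
    for ev in events:
        for rule in RULES:
            if match_rule(rule, ev):
                hits.setdefault(rule[0], []).append(ev)
    return hits


def signatures(events: List[RegEvent]) -> List[str]:
    """Sorted list of signature names, the shape a report summary would show."""
    return sorted(triage(events))


# Constructed events, modelled on what a DarkComet-style sample writes and reads.
POLICY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System"
EVENTS: List[RegEvent] = [
    RegEvent("set", POLICY, "DisableRegistryTools", 1),
    RegEvent("set", POLICY, "DisableTaskMgr", 1),
    RegEvent("set", r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess"
                    r"\Parameters\FirewallPolicy\StandardProfile", "EnableFirewall", 0),
    RegEvent("set", r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center", "AntiVirusDisableNotify", 1),
    RegEvent("query", r"HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System", "SystemBiosVersion"),
    RegEvent("query", r"HKEY_CURRENT_USER\Control Panel\International\Geo", "Nation"),
    # Benign: an administrator re-enabling Task Manager must not trip the rule.
    RegEvent("set", POLICY, "DisableTaskMgr", 0),
    # Unrelated read that matches nothing.
    RegEvent("query", r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run", "OneDrive"),
]

if __name__ == "__main__":
    for name, evs in sorted(triage(EVENTS).items()):
        print(f"{name}: {len(evs)} event(s)")
```

The data predicate matters: a write of `DisableTaskMgr = 0` is a restore, not a tamper, so only non-zero writes are reported. Matching on a key fragment rather than a full path keeps the rules working whether the sandbox logs `HKCU\...` or the kernel-style `\REGISTRY\USER\<SID>\...` form.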
