General

  • Target

    f290bcd0a10a945a27348528ae1e28b8_JaffaCakes118

  • Size

    3.5MB

  • Sample

    241215-gf3mcavrh1

  • MD5

    f290bcd0a10a945a27348528ae1e28b8

  • SHA1

    f431bc91f1026e3a644756f08f20769a6be52c4a

  • SHA256

    91e123c82523c2fc331266650bb55ecadad77be08673da19f24eed10236652d1

  • SHA512

    42de9a08423f02c94217097ee7912817ccb86614a708cb7b9936f6586240d63824c898847292312a64993b834d13e193666765f57ae218a0de1032b323dfe85e

  • SSDEEP

    98304:u5x9gcLho+OZPR/bERxZET+0O4eMLc9mDSR9ZBD0iDb+eV:u5Mcl+TYr2The4jU9j4iDb+e

Malware Config

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Darkcomet family

    • Executes dropped EXE

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
