General

  • Target

    f4630b61a73be4dd2a06cb1daf852ad5_JaffaCakes118

  • Size

    824KB

  • Sample

    241215-rmzt5swrez

  • MD5

    f4630b61a73be4dd2a06cb1daf852ad5

  • SHA1

    2a0d4498c6116f71babdec9b12e66da8e15a7061

  • SHA256

    9ccd55fbd0fbf72e74d9c4a293a84e91a764cb11835774a32cf7432e1ad58df7

  • SHA512

    4e3ecd60f7546e97382738a7b4253f015a8aef3492357f0b8b7fc76a69d6f32fab348eda98c9f3a9644a17aaea025564a6e87d27cd419c7dfe857d21918599a7

  • SSDEEP

    24576:1nuXyIyxS+2UT5G6vDj4Vl1H8Pgrg4yzv2j:1uCzfw8gVLH8PgWE

Malware Config

Targets

    • Target

      f4630b61a73be4dd2a06cb1daf852ad5_JaffaCakes118

    • Size

      824KB

    • MD5

      f4630b61a73be4dd2a06cb1daf852ad5

    • SHA1

      2a0d4498c6116f71babdec9b12e66da8e15a7061

    • SHA256

      9ccd55fbd0fbf72e74d9c4a293a84e91a764cb11835774a32cf7432e1ad58df7

    • SHA512

      4e3ecd60f7546e97382738a7b4253f015a8aef3492357f0b8b7fc76a69d6f32fab348eda98c9f3a9644a17aaea025564a6e87d27cd419c7dfe857d21918599a7

    • SSDEEP

      24576:1nuXyIyxS+2UT5G6vDj4Vl1H8Pgrg4yzv2j:1uCzfw8gVLH8PgWE

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Darkcomet family

    • Modifies WinLogon for persistence

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Adds Run key to start application

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks