General

  • Target

    f8467042a759d96704fa3a7d7431c81b_JaffaCakes118

  • Size

    646KB

  • Sample

    241216-ky45nsvjdn

  • MD5

    f8467042a759d96704fa3a7d7431c81b

  • SHA1

    aa5d4da99373f8b72c36f6c8d4673c007997218f

  • SHA256

    451c3d0650fd4c2d6a4d2df2b84d140c6667ce22cc3d5b2e91c85498786beb00

  • SHA512

    3c40083de05105cf51913bcf70201be73d984d405819fa4ce1abe9a5656b5a0c917c3bc1479b04e4086acafb4beaf8469884a60cdae5a3e380f7f1b5a6b4a900

  • SSDEEP

    12288:48UaT9XY2siA0bMG09xD7I3Gg8ecgVvfBoCDBOQQYbVXpuy1f/gORixV:RUKoN0bUxgGa/pfBHDb+y1HgZf

Malware Config

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Darkcomet family

    • Modifies WinLogon for persistence

    • Checks computer location settings

      Reads the country code configured in the registry, likely as a geofence check before the payload runs.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
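
The persistence signatures above (Winlogon modification and a Run key entry) are the ones most worth turning into detection logic. The following is an added example, not part of the sandbox report and not DarkComet code: it classifies Sysmon-style registry value-set events (event ID 13) against the two persistence locations. The event records and the dropped-file path `C:\Users\victim\AppData\Roaming\dropped.exe` are constructed for illustration; the default Winlogon values (`userinit.exe,` and `explorer.exe`) are Windows defaults.

```python
import re

# Registry paths behind the two persistence signatures in the report.
# Winlogon Userinit/Shell are run at logon; any value other than the
# Windows default means something has hooked the logon sequence.
WINLOGON_RE = re.compile(r"\\Winlogon\\(Userinit|Shell)$", re.IGNORECASE)
RUN_RE = re.compile(r"\\CurrentVersion\\(Run|RunOnce)\\[^\\]+$", re.IGNORECASE)

# Windows defaults (assumption: a stock install; trailing comma on
# Userinit is normal and is ignored in the comparison).
DEFAULT_WINLOGON = {
    "userinit": r"c:\windows\system32\userinit.exe",
    "shell": "explorer.exe",
}

# Constructed Sysmon-style events: (event_id, target_object, details).
# Event 13 = registry value set. These are illustrative, not the report's
# own task output; the dropped path is hypothetical.
EVENTS = [
    (13, r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit",
     r"C:\Windows\system32\userinit.exe,C:\Users\victim\AppData\Roaming\dropped.exe"),
    (13, r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell",
     "explorer.exe"),
    (13, r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\WinUpdate",
     r"C:\Users\victim\AppData\Roaming\dropped.exe"),
    (13, r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "1"),
    (12, r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     ""),  # key creation only; no value written, so nothing to classify
]


def classify(target, details):
    """Return the matching signature name for one value-set event, or None."""
    m = WINLOGON_RE.search(target)
    if m:
        name = m.group(1).lower()
        value = details.strip().lower().rstrip(",")
        if value != DEFAULT_WINLOGON[name]:
            return "Modifies WinLogon for persistence"
        return None  # default value rewritten; benign
    if RUN_RE.search(target):
        return "Adds Run key to start application"
    return None


def scan(events):
    """Classify every value-set event; return (signature, target, details) hits."""
    hits = []
    for event_id, target, details in events:
        if event_id != 13:
            continue  # only value writes carry the payload path
        sig = classify(target, details)
        if sig:
            hits.append((sig, target, details))
    return hits


if __name__ == "__main__":
    for sig, target, details in scan(EVENTS):
        print(f"{sig}: {target} = {details}")
```

The Winlogon rule compares against the default value rather than just alerting on any write, because installers and some Group Policy operations rewrite `Shell` and `Userinit` to their defaults. The "Checks computer location settings" signature is a registry read, which Sysmon does not log; the sandbox sees it through API monitoring, so it is not modelled here.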

MITRE ATT&CK Enterprise v15

Tasks