General

  • Target

    fdfd30f62f5acfa786fa6c3683483ed0_JaffaCakes118

  • Size

    764KB

  • Sample

    241219-cel6rasjax

  • MD5

    fdfd30f62f5acfa786fa6c3683483ed0

  • SHA1

    a18da8343bed1fc3afa2b8a61dbe920adea96008

  • SHA256

    b7f66d90407d2c446d179d3e0c224311b7d23c2f2079a9ea038074a016a850d1

  • SHA512

    fda68da06dbd7d8ddb4dd45102c2216e0d2bf5e581a975d006ea2e58d3819163a7d29b42f733c1a702f0bff6cef3f6383a16875593aa520d4fab6abfd8c0cacc

  • SSDEEP

    12288:Bfbh3edoSdPDze9LBApPsKNoeP313umLcUmyqC+N/jXI0:NR8oYzS12PVaA3LLRHqC+ljX

Malware Config

Targets

    • Target

      fdfd30f62f5acfa786fa6c3683483ed0_JaffaCakes118

    • Size

      764KB

    • MD5

      fdfd30f62f5acfa786fa6c3683483ed0

    • SHA1

      a18da8343bed1fc3afa2b8a61dbe920adea96008

    • SHA256

      b7f66d90407d2c446d179d3e0c224311b7d23c2f2079a9ea038074a016a850d1

    • SHA512

      fda68da06dbd7d8ddb4dd45102c2216e0d2bf5e581a975d006ea2e58d3819163a7d29b42f733c1a702f0bff6cef3f6383a16875593aa520d4fab6abfd8c0cacc

    • SSDEEP

      12288:Bfbh3edoSdPDze9LBApPsKNoeP313umLcUmyqC+N/jXI0:NR8oYzS12PVaA3LLRHqC+ljX

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur (DarkCoderSc). Its author discontinued development in 2012, but leaked builders have kept it in circulation since.

    • Darkcomet family

    • Sets file to hidden

      Sets the FILE_ATTRIBUTE_HIDDEN attribute (typically via SetFileAttributes) so the file is not shown in Explorer or a default directory listing.

    • Checks computer location settings

      Reads the country/region code configured in the registry, most likely to geofence execution (run or stay dormant depending on the victim's locale).

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites a thread's registers (including the instruction pointer) and so redirects where it executes. It is rarely needed by legitimate software but is a standard step in process hollowing and thread hijacking, where a child is created suspended, its memory is overwritten, and its main thread is pointed at the injected code before it is resumed.
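
The three behaviour signatures above are the kind of thing a sandbox derives from an API trace. The following is an added example, not code from the report or from the sandbox that produced it: it parses a constructed, sandbox-style API trace (one call per line, invented for this illustration) and raises the same three signatures, distinguishing a lone SetThreadContext from the full suspended-child / WriteProcessMemory / SetThreadContext hollowing sequence. The registry locations it treats as a location lookup (a subkey containing International\Geo or Control\Nls and a value such as Nation) are an assumption about how a sample might read the country code; the key the real sample reads is not shown on this page.

```python
"""Added example: derive the report's three behaviour signatures from an
API trace.  The trace below is constructed for this illustration and is not
output from the sandbox that produced the report."""
import re

FILE_ATTRIBUTE_HIDDEN = 0x2   # bit in dwFileAttributes (SetFileAttributes)
CREATE_SUSPENDED = 0x4        # bit in dwCreationFlags (CreateProcess)

# Assumed registry locations for a country/region lookup (substring match,
# case-insensitive).  HKCU\Control Panel\International\Geo\Nation holds the
# GeoID; the key the real sample reads is not shown on this page.
GEO_KEY_FRAGMENTS = ("international\\geo", "control\\nls")
GEO_VALUE_NAMES = {"nation", "locale", "country", "scountry", "icountry"}

# Constructed trace: "<pid> <api>(<name>=<value>, ...)", one call per line.
SAMPLE_TRACE = r"""
1234 CreateFileW(lpFileName="C:\Users\user\AppData\Roaming\update.exe")
1234 SetFileAttributesW(lpFileName="C:\Users\user\AppData\Roaming\update.exe", dwFileAttributes=0x6)
1234 RegOpenKeyExW(hKey=HKEY_CURRENT_USER, lpSubKey="Control Panel\International\Geo")
1234 RegQueryValueExW(hKey=0x1c4, lpValueName="Nation")
1234 CreateProcessW(lpApplicationName="C:\Windows\System32\notepad.exe", dwCreationFlags=0x4)
1234 WriteProcessMemory(hProcess=0x1f0, lpBaseAddress=0x400000, nSize=0x8000)
1234 SetThreadContext(hThread=0x1f4)
1234 ResumeThread(hThread=0x1f4)
5678 SetThreadContext(hThread=0x200)
"""

CALL_RE = re.compile(r"^(\d+)\s+(\w+)\((.*)\)$")
ARG_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|0x[0-9a-fA-F]+|\w+)')


def parse_args(text):
    """Turn 'a="x", b=0x2, c=NAME' into {'a': 'x', 'b': 2, 'c': 'NAME'}."""
    args = {}
    for name, value in ARG_RE.findall(text):
        if value.startswith('"'):
            args[name] = value[1:-1]
        elif value.lower().startswith("0x"):
            args[name] = int(value, 16)
        else:
            args[name] = value
    return args


def parse_trace(text):
    """Return a list of (line_no, pid, api, args) for every well-formed call."""
    calls = []
    for line_no, line in enumerate(text.strip().splitlines(), 1):
        m = CALL_RE.match(line.strip())
        if m:
            pid, api, arg_text = m.groups()
            calls.append((line_no, int(pid), api, parse_args(arg_text)))
    return calls


def _flags(args, name):
    """Integer view of a flags argument; non-numeric or missing values count as 0."""
    value = args.get(name, 0)
    return value if isinstance(value, int) else 0


def find_signatures(calls):
    """Return (signature, line_no) pairs, mirroring the report's signature names."""
    hits = []
    opened_geo_key = set()     # pids that opened a locale/region key
    created_suspended = set()  # pids that spawned a child with CREATE_SUSPENDED
    wrote_remote = set()       # pids that wrote into another process
    for line_no, pid, api, args in calls:
        if api.startswith("SetFileAttributes") and _flags(args, "dwFileAttributes") & FILE_ATTRIBUTE_HIDDEN:
            hits.append(("Sets file to hidden", line_no))
        elif api.startswith("RegOpenKeyEx"):
            sub_key = str(args.get("lpSubKey", "")).lower()
            if any(frag in sub_key for frag in GEO_KEY_FRAGMENTS):
                opened_geo_key.add(pid)
        elif api.startswith("RegQueryValueEx"):
            if pid in opened_geo_key and str(args.get("lpValueName", "")).lower() in GEO_VALUE_NAMES:
                hits.append(("Checks computer location settings", line_no))
        elif api.startswith("CreateProcess") and _flags(args, "dwCreationFlags") & CREATE_SUSPENDED:
            created_suspended.add(pid)
        elif api == "WriteProcessMemory":
            wrote_remote.add(pid)
        elif api == "SetThreadContext":
            # SetThreadContext alone is worth a look; after a suspended child
            # plus a remote write it is the classic process-hollowing sequence.
            if pid in created_suspended and pid in wrote_remote:
                hits.append(("Suspicious use of SetThreadContext (process hollowing pattern)", line_no))
            else:
                hits.append(("Suspicious use of SetThreadContext", line_no))
    return hits


def scan(trace_text=SAMPLE_TRACE):
    """Parse a trace and return its signature hits."""
    return find_signatures(parse_trace(trace_text))


if __name__ == "__main__":
    for signature, line_no in scan():
        print(f"line {line_no}: {signature}")
```

Run on the constructed trace, pid 1234 produces all three of the report's signatures, with the SetThreadContext hit upgraded to the hollowing pattern because it follows a CREATE_SUSPENDED child and a WriteProcessMemory from the same process; pid 5678, which only calls SetThreadContext, gets the weaker "suspicious use" verdict. The per-pid state is deliberately simple (no handle tracking), which is enough for a single-process trace but would need the returned handles correlated for a sample that juggles several children.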

MITRE ATT&CK Enterprise v15

Tasks