General
-
Target
7ba8f99c23717ccc5d3cdc2097ee8944_JaffaCakes118
-
Size
414KB
-
Sample
240528-etx8nsfd66
-
MD5
7ba8f99c23717ccc5d3cdc2097ee8944
-
SHA1
9a2f758b75225c4b686817e3f890e72d30a88dde
-
SHA256
0e061811d07fc95f03c8c35b2f1f8fbc21d3cf2e0dc21569fdc5b40cfd6d13a0
-
SHA512
402e7aecf374c4c8b1c38b9a44f7247fc839acf5c9404fb917b2a1b5883eb3d364804c2b417576d4baeedd0ba2e4392e89afd9b83a221b867dca207e0dbe84ca
-
SSDEEP
12288:X3nZMhJ+ubNHMg9pTRNwr661J6Hxv4oitm:X3nZqfbtMg7fJ6mxvwtm
Static task
static1
Behavioral task
behavioral1
Sample
7ba8f99c23717ccc5d3cdc2097ee8944_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
7ba8f99c23717ccc5d3cdc2097ee8944_JaffaCakes118.exe
Resource
win10v2004-20240426-en
Malware Config
Extracted
darkcomet
Guest16_min
127.0.0.1:1604
DCMIN_MUTEX-QXY8E2R
-
InstallPath
DCSCMIN\IMDCSC.exe
-
gencode
Skb1w34uDDJ3
-
install
true
-
offline_keylogger
true
-
persistence
false
-
reg_key
DarkComet RAT
Targets
-
-
Target
7ba8f99c23717ccc5d3cdc2097ee8944_JaffaCakes118
-
Score
10/10
-
Modifies WinLogon for persistence
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-