General

Target: 67cb1c01c75bff149ff7861c69fc4466_JaffaCakes118
Size: 909KB
Sample: 240723-qxfctasfpp
MD5: 67cb1c01c75bff149ff7861c69fc4466
SHA1: 24941f17cbfaf6be7983327256234341058d6dc5
SHA256: 24c07c17891cf017be8d95fc1420e436770e0b707a1ce98cb67d128412e88af5
SHA512: a1916f2ef82d64cfc34658a94652b0dc018962625edd9ead107544b50c2d146f4e9e1e32f10548e0ba2c00c328eb8eda317031f1d1d0edc7ba4f2e8b1f508902
SSDEEP: 24576:fjEqdiCTMMfHNDAxHDGjcAyThDzp+c2Yjk/Pyh7VXr:fjEqk9M/twjkc3zpw87R
Static task: static1

Behavioral task: behavioral1
  Sample: 67cb1c01c75bff149ff7861c69fc4466_JaffaCakes118.exe
  Resource: win7-20240705-en

Behavioral task: behavioral2
  Sample: 67cb1c01c75bff149ff7861c69fc4466_JaffaCakes118.exe
  Resource: win10v2004-20240709-en
Malware Config

Extracted: darkcomet
  Guest1
  127.0.0.1:1604
  DCMIN_MUTEX-UV5JZRV
  InstallPath: DCSCMIN\IMDCSC.exe
  gencode: DvTRSZJUcivg
  install: true
  offline_keylogger: true
  persistence: false
  reg_key: DarkComet RAT
Targets

Target: 67cb1c01c75bff149ff7861c69fc4466_JaffaCakes118 (909KB; same MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Score: 10/10

Signatures:
- Modifies WinLogon for persistence
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
- Suspicious use of SetThreadContext