General
-
Target
8b30c499eaed4ad619c1662029560df8_JaffaCakes118
-
Size
2.1MB
-
Sample
240811-vf3h8ssgjh
-
MD5
8b30c499eaed4ad619c1662029560df8
-
SHA1
a58c9c4517653d76f9bf782367bc6b650e6ba1f1
-
SHA256
6c1e71d8911cb2a9443171f38282090d9732404e7b34724f10356c7f51de7f62
-
SHA512
c97458a5665f7f62074fcf0f69c9e83403f54e94b606deec11c18c65abb7cf68d7e5e673ad70ce1efcee2c2622278cd3cbea450217139d35953d71a3f73cd56f
-
SSDEEP
49152:82/TQc0kxannkOtRN2NwwyYFFJfn9yNVf/Gk:82akAnbRYNTVtfkV3N
Static task
static1
Behavioral task
behavioral1
Sample
8b30c499eaed4ad619c1662029560df8_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
8b30c499eaed4ad619c1662029560df8_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
darkcomet
Guest16
24.146.156.183:1604
DC_MUTEX-KG3ESDK
-
InstallPath
WindowsServerMSDCSC\msdcsc.exe
-
gencode
ZnkbUqZvQNoh
-
install
true
-
offline_keylogger
true
-
persistence
true
-
reg_key
MicroUpdate
Targets
-
-
Target
8b30c499eaed4ad619c1662029560df8_JaffaCakes118
-
Size
2.1MB
-
MD5
8b30c499eaed4ad619c1662029560df8
-
SHA1
a58c9c4517653d76f9bf782367bc6b650e6ba1f1
-
SHA256
6c1e71d8911cb2a9443171f38282090d9732404e7b34724f10356c7f51de7f62
-
SHA512
c97458a5665f7f62074fcf0f69c9e83403f54e94b606deec11c18c65abb7cf68d7e5e673ad70ce1efcee2c2622278cd3cbea450217139d35953d71a3f73cd56f
-
SSDEEP
49152:82/TQc0kxannkOtRN2NwwyYFFJfn9yNVf/Gk:82akAnbRYNTVtfkV3N
-
Modifies WinLogon for persistence
-
Disables Task Manager via registry modification
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1