General
-
Target
fd1e44d11808ca91a7940d24bf658fcd_JaffaCakes118
-
Size
659KB
-
Sample
240928-zmbrbayejh
-
MD5
fd1e44d11808ca91a7940d24bf658fcd
-
SHA1
2a59d28f1db6f19200cbb4231e2d28b718bbda55
-
SHA256
31aef57a9f9140e19af0ccbb0b348a8122f609a4e7f68f987cf4fe3f1ede6ce1
-
SHA512
9541acdf8794c381573ec1153152e65bb26465022fa549088aceb960449f3282ca718507cb35e197117c0d88466b4cdda0f4a839d34e9054b59576f8e0f34bee
-
SSDEEP
12288:EX2JVHMRtDaSm3TJvVNvWV5YTsY7tHwbz/htfcoCoK632zb7G/Q0p:Css2Sm39NNv9wY7tHwbzfIoK6Moh
Behavioral task
behavioral1
Sample
fd1e44d11808ca91a7940d24bf658fcd_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
fd1e44d11808ca91a7940d24bf658fcd_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
darkcomet
Guest16_min
127.0.0.1:1604
DCMIN_MUTEX-7KRY2U5
-
InstallPath
DCSCMIN\IMDCSC.exe
-
gencode
RsiwuiVSWNDE
-
install
true
-
offline_keylogger
true
-
persistence
false
-
reg_key
DarkComet RAT
Targets
-
-
Target
fd1e44d11808ca91a7940d24bf658fcd_JaffaCakes118
-
Size
659KB
-
MD5
fd1e44d11808ca91a7940d24bf658fcd
-
SHA1
2a59d28f1db6f19200cbb4231e2d28b718bbda55
-
SHA256
31aef57a9f9140e19af0ccbb0b348a8122f609a4e7f68f987cf4fe3f1ede6ce1
-
SHA512
9541acdf8794c381573ec1153152e65bb26465022fa549088aceb960449f3282ca718507cb35e197117c0d88466b4cdda0f4a839d34e9054b59576f8e0f34bee
-
SSDEEP
12288:EX2JVHMRtDaSm3TJvVNvWV5YTsY7tHwbz/htfcoCoK632zb7G/Q0p:Css2Sm39NNv9wY7tHwbzfIoK6Moh
-
Modifies WinLogon for persistence
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1