General
Target: 2c8cd6bf7086f60d67f5a05b9d7be48a_JaffaCakes118
Size: 1.2MB
Sample: 241009-hcmbmashqd
MD5: 2c8cd6bf7086f60d67f5a05b9d7be48a
SHA1: 6e50d6d32e174ecf7f2b028a5f966805cf23ce1e
SHA256: 996d6fa70b4a483110c82d4cfd22151697a7b658ec380740da13ece41d0c051e
SHA512: e76bfcf6fe140cbc93f7dc5a83c1e8c149231038cba2699b2b951278e770fad49b08e73ee71ec47ded409d61eb43219c83a977372a37b0db351286a8cf32837d
SSDEEP: 24576:KPWS1H6NYo3l7Xh56k+PU09dgyUJG4+eLTyy3GvRXrtt5GMPew:pK6NR3VxQTPH9dJwG9eLsRX/BPew
Behavioral task: behavioral1
Sample: 2c8cd6bf7086f60d67f5a05b9d7be48a_JaffaCakes118.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 2c8cd6bf7086f60d67f5a05b9d7be48a_JaffaCakes118.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
Family: darkcomet
Botnet: Guest16_min
C2: imdeniil.no-ip.org:1604
Mutex: DCMIN_MUTEX-XKB8VQP
InstallPath: DCSCMIN\IMDCSC.exe
gencode: dFbBHEcSRkuB
install: true
offline_keylogger: true
persistence: false
reg_key: DarkComet RAT
Targets
Target: 2c8cd6bf7086f60d67f5a05b9d7be48a_JaffaCakes118 (1.2MB; same MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
- Modifies WinLogon for persistence
- Checks computer location settings: looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence: Boot or Logon Autostart Execution (2): Registry Run Keys / Startup Folder (1), Winlogon Helper DLL (1)
Privilege Escalation: Boot or Logon Autostart Execution (2): Registry Run Keys / Startup Folder (1), Winlogon Helper DLL (1)