General
Target: b19eda147b532b40f1d44c452644760d_JaffaCakes118
Size: 933KB
Sample: 241129-q2c39asren
MD5: b19eda147b532b40f1d44c452644760d
SHA1: d0d43ca58a94af46c4eb0f2f8afcc37b455ed8c8
SHA256: f885db8ff4beeb0de5ee6cf22eb6f87890c60496b9fb9fb2d5b5dce4ce4060d4
SHA512: a96a1fe4750e289b0981a88972ce349c99d78f169aaf59966e31fc53a3e448fc850849f092756af4cb21770b9e92d776338a3568101d8ad5cfae79c34c5e4dfa
SSDEEP: 24576:f1WgdwU0MlRDXoGqgnZ58wkZ1B+QtiE8ZRXbXFpF6AcInqti0:9dwUnu8Z56wbE8nXbXFn6AcWui0
Static task: static1
Behavioral task: behavioral1
Sample: b19eda147b532b40f1d44c452644760d_JaffaCakes118.exe
Resource: win7-20241023-en
Malware Config (Extracted)
Family: darkcomet
Botnet: Guest16
C2: 95.133.3.230:1604
Mutex: DC_MUTEX-D1XJ1Z3
InstallPath: MSDCSC\msdcsc.exe
gencode: UprUuFRJwerw
install: true
offline_keylogger: true
persistence: false
reg_key: MicroUpdate
Targets
Target: b19eda147b532b40f1d44c452644760d_JaffaCakes118 (933KB)
- Darkcomet family
- Modifies WinLogon for persistence
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)
Privilege Escalation
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)