General
Target: b4cce273471670645904d27d781edbc7_JaffaCakes118
Size: 935KB
Sample: 241130-e64wzssnfy
MD5: b4cce273471670645904d27d781edbc7
SHA1: 7a569c50fc13f4833fad070d9c47a6b8417fceea
SHA256: de2cb68fa4b68d9d472ed823ac7124e5c9d0a8232a7407ac710547a26af38599
SHA512: 1e104a8218b352de7d2f0d787c8e53fccb683d6a7fc9118a2c10136463c83bd86ecce97b21d557d48868918a0bd1fb8bc749cd6691c869fc806548a1926a9774
SSDEEP: 24576:ZCNZK65lu9ye0NwPR93/ynv54TeeC4MC0:w265l+y8f36nvSF
Behavioral task: behavioral1
Sample: b4cce273471670645904d27d781edbc7_JaffaCakes118.exe
Resource: win7-20240903-en
Malware Config
Extracted
darkcomet
möpn
194.166.90.128:1604
DC_MUTEX-WAZ1JK5
InstallPath: MSDCSC\msdcsc.exe
gencode: 82L5220nX277
install: true
offline_keylogger: true
persistence: true
reg_key: MicroUpdate
Targets
Target: b4cce273471670645904d27d781edbc7_JaffaCakes118
Size: 935KB
MD5: b4cce273471670645904d27d781edbc7
SHA1: 7a569c50fc13f4833fad070d9c47a6b8417fceea
SHA256: de2cb68fa4b68d9d472ed823ac7124e5c9d0a8232a7407ac710547a26af38599
SHA512: 1e104a8218b352de7d2f0d787c8e53fccb683d6a7fc9118a2c10136463c83bd86ecce97b21d557d48868918a0bd1fb8bc749cd6691c869fc806548a1926a9774
SSDEEP: 24576:ZCNZK65lu9ye0NwPR93/ynv54TeeC4MC0:w265l+y8f36nvSF
Signatures
Darkcomet family
Modifies WinLogon for persistence
Modifies firewall policy service
Modifies security service
Disables RegEdit via registry modification
Disables Task Manager via registry modification
Deletes itself
Executes dropped EXE
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
Loads dropped DLL
Adds Run key to start application
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution: 2
Registry Run Keys / Startup Folder: 1
Winlogon Helper DLL: 1
Create or Modify System Process: 2
Windows Service: 2
Privilege Escalation
Boot or Logon Autostart Execution: 2
Registry Run Keys / Startup Folder: 1
Winlogon Helper DLL: 1
Create or Modify System Process: 2
Windows Service: 2
Defense Evasion
Hide Artifacts: 2
Hidden Files and Directories: 2
Impair Defenses: 3
Disable or Modify System Firewall: 1
Disable or Modify Tools: 2
Modify Registry: 7
Virtualization/Sandbox Evasion: 1