General
-
Target
c80c76f303ecda2a75c7719539987692_JaffaCakes118
-
Size
821KB
-
Sample
241205-rcl6asxnet
-
MD5
c80c76f303ecda2a75c7719539987692
-
SHA1
172f56e99ae2428dc12f72ed085f3fdc8d361368
-
SHA256
042b817574858b81ea5b48845ac43d5b6b2ea22505510578fcd3da19d89eb6f8
-
SHA512
8e1ad1f010a3df7cfd47c6d19072fb550cbaf5a8ca9bbef6c5e060650e97507c0cee710a660f45a1e036f54151d2d4f9b34400a373f9a0dda0bc62577d55596e
-
SSDEEP
12288:q+/NvNnSbiTldkLjiLAd5FqQ5kIVeHKOTYIfm2jzeWeJnc:q+/NlnWiTldNUdfqyr2K8tCjN
Static task
static1
Behavioral task
behavioral1
Sample
c80c76f303ecda2a75c7719539987692_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
c80c76f303ecda2a75c7719539987692_JaffaCakes118.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
darkcomet
YES
zchau.no-ip.biz:1604
DC_MUTEX-VY9JREP
-
gencode
6hJTqKYeY6qG
-
install
false
-
offline_keylogger
true
-
persistence
false
Targets
-
-
Target
c80c76f303ecda2a75c7719539987692_JaffaCakes118
-
Size
821KB
-
MD5
c80c76f303ecda2a75c7719539987692
-
SHA1
172f56e99ae2428dc12f72ed085f3fdc8d361368
-
SHA256
042b817574858b81ea5b48845ac43d5b6b2ea22505510578fcd3da19d89eb6f8
-
SHA512
8e1ad1f010a3df7cfd47c6d19072fb550cbaf5a8ca9bbef6c5e060650e97507c0cee710a660f45a1e036f54151d2d4f9b34400a373f9a0dda0bc62577d55596e
-
SSDEEP
12288:q+/NvNnSbiTldkLjiLAd5FqQ5kIVeHKOTYIfm2jzeWeJnc:q+/NlnWiTldNUdfqyr2K8tCjN
-
Darkcomet family
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Modify Registry
1Subvert Trust Controls
1SIP and Trust Provider Hijacking
1