General
-
Target
d3aa661e379ab45d42e977fe6440320d_JaffaCakes118
-
Size
1.0MB
-
Sample
241207-z6xswstqgx
-
MD5
d3aa661e379ab45d42e977fe6440320d
-
SHA1
d3033071d5e7e099eb1292ac1c29a1ccf9ddc29d
-
SHA256
596742e436c3a63ade42e1f91bb00364a21a3ed3f742122dbe0368280e8f02e9
-
SHA512
2bb2a2678dfd01b47c9617f9d72e9eba589fbebdc074019e0e8776f6575441ca2971252df447648f2c423a0630c49a19a4852e430288e20e763f12cf97ae83a1
-
SSDEEP
24576:n+t551zGlKYkNmyASIHZmHmHMcbG3tbxp1aL9g:n+t55dGimyASIoHmsfbxpE
Static task
static1
Behavioral task
behavioral1
Sample
d3aa661e379ab45d42e977fe6440320d_JaffaCakes118.exe
Resource
win7-20240708-en
Malware Config
Extracted
darkcomet
Guest16
68.194.136.134:1604
DC_MUTEX-G293ZDW
-
InstallPath
MSDCSC\msdcsc.exe
-
gencode
qG1EhGAmh8HK
-
install
true
-
offline_keylogger
true
-
persistence
false
-
reg_key
MicroUpdate
Targets
-
-
Target
d3aa661e379ab45d42e977fe6440320d_JaffaCakes118
-
Size
1.0MB
-
MD5
d3aa661e379ab45d42e977fe6440320d
-
SHA1
d3033071d5e7e099eb1292ac1c29a1ccf9ddc29d
-
SHA256
596742e436c3a63ade42e1f91bb00364a21a3ed3f742122dbe0368280e8f02e9
-
SHA512
2bb2a2678dfd01b47c9617f9d72e9eba589fbebdc074019e0e8776f6575441ca2971252df447648f2c423a0630c49a19a4852e430288e20e763f12cf97ae83a1
-
SSDEEP
24576:n+t551zGlKYkNmyASIHZmHmHMcbG3tbxp1aL9g:n+t55dGimyASIoHmsfbxpE
-
Darkcomet family
-
Modifies WinLogon for persistence
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1