General
-
Target
dcddac42de4c2fc0364b9a343bf1a344_JaffaCakes118
-
Size
253KB
-
Sample
241210-ea9scssqaw
-
MD5
dcddac42de4c2fc0364b9a343bf1a344
-
SHA1
3f328948addf10670e26eb2e400df752c2256c6a
-
SHA256
e77f7308e33f65c60c4583403757b922f60c2b652be673c6f05d3bb8e5cbaebc
-
SHA512
5b10125fd3ef4a4a81458cd5d41fdf62bab0b45ec36219be8040a071dca9da3db09f463548902fb1fc55445df3b963f44d021119b36bf5dd32dceba2ef407fb4
-
SSDEEP
6144:7D7cY2fgssM7Wirg9KXylmRiL+QMeC/i6isqX7UovnONztByipwxZ:7l8E4w5huat7UovONzbXw
Behavioral task
behavioral1
Sample
dcddac42de4c2fc0364b9a343bf1a344_JaffaCakes118.exe
Resource
win7-20241023-en
Malware Config
Extracted
-
Family
darkcomet
-
Botnet
Nuevo
-
C2
87.221.49.179:1604
stealht.no-ip.biz:1604
192.168.1.129:1604
127.0.0.1:1604
-
Mutex
DC_MUTEX-SVYNZJ4
-
InstallPath
MSDCSC\msdcsc.exe
-
gencode
bYFqC5Pe6j8A
-
install
true
-
offline_keylogger
true
-
persistence
true
-
reg_key
MicroSound
Targets
-
Target
dcddac42de4c2fc0364b9a343bf1a344_JaffaCakes118
-
Darkcomet family
-
Modifies WinLogon for persistence
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (2)
Registry Run Keys / Startup Folder (1)
Winlogon Helper DLL (1)
Privilege Escalation
Boot or Logon Autostart Execution (2)
Registry Run Keys / Startup Folder (1)
Winlogon Helper DLL (1)