General

Target: e1aaadeea3b6a7eb266464759e3015e0_JaffaCakes118
Size: 1.7MB
Sample: 241211-qpdh9aymhq
MD5: e1aaadeea3b6a7eb266464759e3015e0
SHA1: b8598cc86990f8037a337d37d815bf6bc2731a4f
SHA256: a56b7626f51392efde61f7badbde40701275e457ee210b22aab17592b9c009a9
SHA512: 8b86674e6d410ea4d0dd5e76b584388dcc8aa12880f11e964c18019b289bd651dfe056464448be6d0a90090fdbf39cb32ff9a11f94fb9fd62e9637eb0409c1fb
SSDEEP: 12288:BPr07ZEcWwpOYrEAw5bq4RGLeEF7EDG2O2fra7RSRUL7uHDIbntFuisEi6v3DyNq:BjQcbUADuU8iWr9itzwZTEqjQ0EBbtG
Static task: static1
Behavioral task: behavioral1
Sample: e1aaadeea3b6a7eb266464759e3015e0_JaffaCakes118.exe
Resource: win7-20241010-en
Malware Config

Extracted: darkcomet
Victim: loldude12345.zapto.org:1604
        DC_MUTEX-WYV5PKM
InstallPath: MSDCSC\msdcsc.exe
gencode: oiVpUYYaVk85
install: true
offline_keylogger: true
persistence: false
reg_key: MicroUpdate
Targets

Target: e1aaadeea3b6a7eb266464759e3015e0_JaffaCakes118
- Darkcomet family
- Modifies WinLogon for persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of SetThreadContext