General

Target:  e7b73ce97bfba7fb0f034b73f418c95d_JaffaCakes118
Size:    251KB
Sample:  241212-w6kxjssphz
MD5:     e7b73ce97bfba7fb0f034b73f418c95d
SHA1:    29df206f5e1a8f929518edb2d636b07638a71e9d
SHA256:  05dd8e51fa3d08ac6d5c4bb6c8692bbb5991624dd625c4dbb8c40773634a5bc4
SHA512:  d6512d7d2bd351bddea9ca5a71d1270752da43e0b754a01664ddb34e61c1df5e68a7f929badd370a9bcc2cf6e54657a706f68f9ba33ef613bf4911a95bae15b6
SSDEEP:  6144:GcNYS996KFifeVjBpeExgVTFSXFoMc5RhCaL37c:GcW7KEZlPzCy37c
Behavioral task

Task:      behavioral1
Sample:    e7b73ce97bfba7fb0f034b73f418c95d_JaffaCakes118.exe
Resource:  win7-20240903-en
Malware Config

Extracted family: darkcomet
Botnet:  Sandbox
C2:      sammich.zapto.org:20000
         127.0.0.1:20000
Mutex:   DC_MUTEX-9M2A57V
Attributes:
  InstallPath:        MSDCSC\msdcsc.exe
  gencode:            EeioSF9CjmMk
  install:            true
  offline_keylogger:  true
  persistence:        false
  reg_key:            MicroUpdate
Targets

Target:  e7b73ce97bfba7fb0f034b73f418c95d_JaffaCakes118
Size:    251KB
- Darkcomet family
- Modifies WinLogon for persistence
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
MITRE ATT&CK Enterprise v15

Persistence
  Boot or Logon Autostart Execution (2)
    Registry Run Keys / Startup Folder (1)
    Winlogon Helper DLL (1)
Privilege Escalation
  Boot or Logon Autostart Execution (2)
    Registry Run Keys / Startup Folder (1)
    Winlogon Helper DLL (1)