General
-
Target
f30ed8f5df2593f3c1e4cc6a510d227c_JaffaCakes118
-
Size
232KB
-
Sample
241215-jxmzbszncm
-
MD5
f30ed8f5df2593f3c1e4cc6a510d227c
-
SHA1
3238ef0a8d00d8e0dd2183692d22eef5a5335b16
-
SHA256
a378990bcc456c90a9e41ec8b2afd5d79bb650f0950666d4764dd3b59fa2bb06
-
SHA512
9076ece426086690df6d32d2a151fc1fd922fb1eca72bebb1e09d8cd271ccd247064cde2975db0a6dac53060a98b0f0761fd7dc913ddacc65c8e6dd9be75b570
-
SSDEEP
6144:6jFy93LU92VxOtVflFud4TnxcpPTASCmqMorHwMhoS:aFy9bPQZlFjrG0ZmYbw0oS
Behavioral task
behavioral1
Sample
f30ed8f5df2593f3c1e4cc6a510d227c_JaffaCakes118.exe
Resource
win7-20241023-en
Behavioral task
behavioral2
Sample
f30ed8f5df2593f3c1e4cc6a510d227c_JaffaCakes118.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
darkcomet
Guest16_min
sayah.zapto.org:267
DCMIN_MUTEX-LW8HYLF
-
InstallPath
DCSCMIN\IMDCSC.exe
-
gencode
409jcp2mUa9p
-
install
true
-
offline_keylogger
true
-
persistence
false
-
reg_key
Face_upda
Targets
-
-
Target
f30ed8f5df2593f3c1e4cc6a510d227c_JaffaCakes118
-
Size
232KB
-
MD5
f30ed8f5df2593f3c1e4cc6a510d227c
-
SHA1
3238ef0a8d00d8e0dd2183692d22eef5a5335b16
-
SHA256
a378990bcc456c90a9e41ec8b2afd5d79bb650f0950666d4764dd3b59fa2bb06
-
SHA512
9076ece426086690df6d32d2a151fc1fd922fb1eca72bebb1e09d8cd271ccd247064cde2975db0a6dac53060a98b0f0761fd7dc913ddacc65c8e6dd9be75b570
-
SSDEEP
6144:6jFy93LU92VxOtVflFud4TnxcpPTASCmqMorHwMhoS:aFy9bPQZlFjrG0ZmYbw0oS
-
Darkcomet family
-
Modifies WinLogon for persistence
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1