General
-
Target
f354fe54a8c1c49d5dc7fce13f6b5458_JaffaCakes118
-
Size
658KB
-
Sample
241215-la8cvszma1
-
MD5
f354fe54a8c1c49d5dc7fce13f6b5458
-
SHA1
aa55c82fe69c47749097990b60c5136c168db863
-
SHA256
395217f00e128d72ab7ccb1a198e7b366b34ebb051a02b28297eaa5fcb5abc09
-
SHA512
bcd579cf4baac21941c60652cf22697ea82a69e2486881f47cec7719077441dea8bb53e53a3d3e1948900e4d4911a8caa382b0ad4c4220b6f69152d4c565f141
-
SSDEEP
12288:y9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hK:eZ1xuVVjfFoynPaVBUR8f+kN10EBQ
Behavioral task
behavioral1
Sample
f354fe54a8c1c49d5dc7fce13f6b5458_JaffaCakes118.exe
Resource
win7-20240903-en
Malware Config
Extracted
darkcomet
Slave
mrdaniel.no-ip.org:18418
DC_MUTEX-AGN4CQ3
-
InstallPath
SystemM\SystemHJ.exe
-
gencode
KkWtqDcdwDun
-
install
true
-
offline_keylogger
true
-
persistence
true
-
reg_key
MicroUpdate
Targets
-
-
Target
f354fe54a8c1c49d5dc7fce13f6b5458_JaffaCakes118
-
Size
658KB
-
MD5
f354fe54a8c1c49d5dc7fce13f6b5458
-
SHA1
aa55c82fe69c47749097990b60c5136c168db863
-
SHA256
395217f00e128d72ab7ccb1a198e7b366b34ebb051a02b28297eaa5fcb5abc09
-
SHA512
bcd579cf4baac21941c60652cf22697ea82a69e2486881f47cec7719077441dea8bb53e53a3d3e1948900e4d4911a8caa382b0ad4c4220b6f69152d4c565f141
-
SSDEEP
12288:y9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hK:eZ1xuVVjfFoynPaVBUR8f+kN10EBQ
-
Darkcomet family
-
Modifies WinLogon for persistence
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1