General

- Target: f38dd1bc726b59e23dfaac331981349f_JaffaCakes118
- Size: 1.4MB
- Sample: 241215-md3r8a1lhw
- MD5: f38dd1bc726b59e23dfaac331981349f
- SHA1: 6e9a25eeff4f7e6e3e9b1ed4314eff886433aff9
- SHA256: 08057b729ad21b690a8a7130c81684b7635beb9f692520a081c926b21d3cbca3
- SHA512: a17d5a0e912bc0bca35679c20ddd908c3e8a69705fc1096ac497178d396b23ad94d72de66ece1098968c7a00e1a1ac0bd853dd33e93c6da51436b6b0cd905502
- SSDEEP: 24576:0aHMv6CorjqnyC8llDnsHDumtkowIN/Vfy2t+G5ezJ52bLlL:01vqjdC8rDsH7tkowQtq2t+GQ4lL
Tasks

- Static task: static1
- Behavioral task: behavioral1
  - Sample: f38dd1bc726b59e23dfaac331981349f_JaffaCakes118.exe
  - Resource: win7-20240903-en
Malware Config

Extracted

- Family: darkcomet
- Botnet ID: M&M
- C2: nikagogichaishvili.no-ip.info:1604 (dynamic-DNS hostname; resolve at analysis time, do not rely on a fixed IP)
- Mutex: DC_MUTEX-98H0DN8
- InstallPath: MSDCSC\msdcsc.exe (relative to the drop directory; the report's "Drops file in System32 directory" signature indicates where it lands)
- gencode: nn4atqrKN3Pk
- install: true
- offline_keylogger: true
- persistence: true
- reg_key: svchost (name of the autostart registry value, chosen to blend in with the legitimate svchost.exe process name)
Targets

- Target: f38dd1bc726b59e23dfaac331981349f_JaffaCakes118
Signatures

- Darkcomet family
- Modifies WinLogon for persistence
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- AutoIT Executable: an AutoIT script compiled to a PE executable (the RAT payload is carried inside the compiled script).
- Drops file in System32 directory
MITRE ATT&CK Enterprise v15

Persistence
- Boot or Logon Autostart Execution (T1547): 2 signatures
  - Registry Run Keys / Startup Folder (T1547.001): 1
  - Winlogon Helper DLL (T1547.004): 1
Privilege Escalation
- Boot or Logon Autostart Execution (T1547): 2 signatures
  - Registry Run Keys / Startup Folder (T1547.001): 1
  - Winlogon Helper DLL (T1547.004): 1