General
-
Target
JaffaCakes118_9a4238d07b78cedaf9f16693faadaf26e524d37d82989871b7e8875a38c16318
-
Size
1.1MB
-
Sample
241222-y1gn2sxpct
-
MD5
86293673d26bf1147c4d30b788a8daf1
-
SHA1
113e557deaa3602893bdd50ffb4ac9880cc20d79
-
SHA256
9a4238d07b78cedaf9f16693faadaf26e524d37d82989871b7e8875a38c16318
-
SHA512
65a4d09416e6898c18bb91c80c666e47ae57b3a5f0cf4827f9602392a648e1f39984945e0b4706c906af15c06244da1bded9eae92356f95a8b7ec697037759ea
-
SSDEEP
24576:UGIllGQbztkD3hqAYZg7PEtMJa7Wz9XypI1DWF64xDsFae:7IlN/yDRDDEtMJLNyQWF64eFp
Static task
static1
Behavioral task
behavioral1
Sample
new calc.exe
Resource
win7-20241023-en
Malware Config
Extracted
darkcomet
Guest16
dc2012.ddns.net:77
DC_MUTEX-F666ELN
-
InstallPath
MSDCSC\msdcsc.exe
-
gencode
M472kUGFekzF
-
install
true
-
offline_keylogger
true
-
persistence
true
-
reg_key
MicroUpdate
Extracted
darkcomet
- gencode
-
install
false
-
offline_keylogger
false
-
persistence
false
Targets
-
-
Target
new calc.bin
-
Size
1.1MB
-
MD5
0878b366dd695cc10da365b40f454062
-
SHA1
c21f65d76421ff06dab8ada263b5aca971a6d899
-
SHA256
098aef2de51c227361d72b5607b9ec7fe463d9a185ff5300577e96371c75a69c
-
SHA512
9b8213a3eea6f7fab26796768812a944539c0d2ea449b1354b51a6e71938d280c66babfd823d483c5faf797b86396680f9072bc12e954c5d32ee9fb16607c279
-
SSDEEP
24576:RQox/GpVEAIT5XRtEyAPqsw97uN+XmxjeU/+sbG:RQoc45XTEyACt7uNHX/zbG
-
Darkcomet family
-
Modifies WinLogon for persistence
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Defense Evasion
Hide Artifacts
2Hidden Files and Directories
2Modify Registry
2