General

Target: JaffaCakes118_19daacec9168d5da2bbb8e19a3e9e212
Size: 382KB
Sample: 250222-qchbnswpfs
MD5: 19daacec9168d5da2bbb8e19a3e9e212
SHA1: 35a81638d94d7b01de0d0d688fbeb99eace7cdf8
SHA256: 509af80d81f94c96d5122e8786164565f1adae69d076e3aa7ba7fca1d190bfb2
SHA512: 542d5fafe8b7da48c288d71ef3249e8f73de2733ca5be67690b8febe7788118bd12f528c86df2eb8b72db51f40396becee86d780f2173440d3627f67e200bdf9
SSDEEP: 6144:S3P7OZg0Du89DiFoOEWDJu/jMMc51KXBmIzFFTpe53RTCTbunzm/Xw:cP7OC29WrEWD+wMc5iBmcRpeHCTsaA
Static task: static1
Behavioral task: behavioral1
Sample: JaffaCakes118_19daacec9168d5da2bbb8e19a3e9e212.exe
Resource (analysis VM image): win7-20240903-en
Malware Config

Extracted family: darkcomet
Campaign ID (SID): Guest16
C2: fangsnake3.zapto.org:2000 (zapto.org is a No-IP dynamic-DNS domain, so the hostname rather than any IP it resolved to at analysis time is the durable indicator)
Mutex: DC_MUTEX-F54S21D
gencode: 4CSphW54z�K1 (one character was garbled in extraction; do not treat this value as an exact indicator)
install: false
offline_keylogger: false
persistence: false
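The fields above are what a sandbox's config extractor pulls out of the binary. The Python below is an added example, not code from the report or from the sandbox, showing how such a DarkComet configuration is decoded and mapped onto those fields. It assumes the widely published DarkComet 5.x layout: an RC4-encrypted, hex-encoded resource keyed with "#KCMDDC51#-890", holding `KEY={value}` lines named SID, MUTEX, NETDATA, GENCODE, INSTALL, OFFLINEK and PERSINST. None of that is stated on the page, so verify it against the sample before relying on it; the sample resource is constructed here from the page's values, and "?" stands in for the garbled gencode character.

```python
# Added example, not from the report: decode a DarkComet-style config resource and map it onto the
# fields a sandbox summarises. ASSUMPTIONS (not stated on the page): config is an RC4-encrypted,
# hex-encoded resource; "#KCMDDC51#-890" is the published DarkComet 5.1 key; field names are those
# used by public config extractors. The sample plaintext below is CONSTRUCTED from the page's values.
from typing import Dict, List

DC51_KEY = b"#KCMDDC51#-890"  # assumption: published DarkComet 5.1 resource key


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA + PRGA). Symmetric, so one function both encrypts and decrypts."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for c in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(c ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def decode_resource(hex_blob: str, key: bytes = DC51_KEY) -> bytes:
    """Resource -> plaintext: strip the hex encoding, then RC4 with the version key."""
    return rc4(key, bytes.fromhex(hex_blob.strip()))


def encode_resource(plaintext: bytes, key: bytes = DC51_KEY) -> str:
    """Inverse of decode_resource; used here only to build the constructed sample."""
    return rc4(key, plaintext).hex().upper()


def parse_config(plaintext: bytes) -> Dict[str, str]:
    """Parse KEY={value} lines into a dict; lines without '=' (banners) are skipped."""
    cfg: Dict[str, str] = {}
    for line in plaintext.decode("latin-1").splitlines():
        if "=" not in line:
            continue
        k, v = line.split("=", 1)
        v = v.strip()
        if v.startswith("{") and v.endswith("}"):
            v = v[1:-1]
        cfg[k.strip().upper()] = v
    return cfg


def summarize(cfg: Dict[str, str]) -> dict:
    """Map raw fields onto the report-style summary (campaign id, C2 list, mutex, flags)."""
    c2: List[dict] = []
    # assumption: several host:port pairs may be listed, separated by '|'
    for entry in filter(None, cfg.get("NETDATA", "").split("|")):
        host, _, port = entry.rpartition(":")
        c2.append({"host": host or entry, "port": int(port) if port.isdigit() else None})
    return {
        "campaign_id": cfg.get("SID", ""),
        "c2": c2,
        "mutex": cfg.get("MUTEX", ""),
        "gencode": cfg.get("GENCODE", ""),
        "install": cfg.get("INSTALL") == "1",
        "offline_keylogger": cfg.get("OFFLINEK") == "1",
        "persistence": cfg.get("PERSINST") == "1",
    }


def analyse(hex_blob: str, key: bytes = DC51_KEY) -> dict:
    """Full pipeline: resource hex -> RC4 -> parsed fields -> summary."""
    return summarize(parse_config(decode_resource(hex_blob, key)))


# CONSTRUCTED sample plaintext built from the page's values. One character of the page's
# gencode did not survive extraction; '?' stands in for it here.
SAMPLE_PLAINTEXT = b"\r\n".join([
    b"#BEGIN DARKCOMET DATA --",
    b"MUTEX={DC_MUTEX-F54S21D}",
    b"SID={Guest16}",
    b"NETDATA={fangsnake3.zapto.org:2000}",
    b"GENCODE={4CSphW54z?K1}",
    b"INSTALL={0}",
    b"OFFLINEK={0}",
    b"PERSINST={0}",
    b"#EOF DARKCOMET DATA --",
])
SAMPLE_RESOURCE = encode_resource(SAMPLE_PLAINTEXT)

if __name__ == "__main__":
    for name, value in analyse(SAMPLE_RESOURCE).items():
        print(f"{name:18} {value}")
```

Because RC4 is symmetric, a wrong version key produces plausible-looking but unparsable bytes rather than an error; treat an empty dict from `parse_config` as "try the next known key", not as "no config present".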
Targets
Target: JaffaCakes118_19daacec9168d5da2bbb8e19a3e9e212 (382KB; hashes identical to those listed under General)
- Darkcomet family
- Modifies firewall policy service
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Checks BIOS information in registry: BIOS information is often read to detect sandbox and virtual-machine environments, whose BIOS strings identify the hypervisor.
- Checks computer location settings: looks up the country code configured in the registry, most likely a geofence that decides whether the payload runs.
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
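The behaviours above name techniques, not the exact artifacts. The Python below is an added example (not from the report) that turns the listed indicators into a small matcher over host telemetry: registry writes, registry reads, DNS answers correlated with outbound connections, and mutex creation. The registry paths are the standard Windows locations these signature names conventionally refer to and are assumptions about what this sample touched; the event records, the dropped file name and the IP addresses are constructed.

```python
# Added example, not from the report: a minimal matcher that turns the signatures and IOCs above
# into detection logic over host telemetry. Registry paths are the standard Windows locations the
# signature names conventionally refer to and are ASSUMPTIONS about what this sample touched.
# All events, file names and IP addresses below are CONSTRUCTED for the demonstration.
import re
from typing import Dict, List

C2_HOST = "fangsnake3.zapto.org"      # from the extracted config
C2_PORT = 2000
MUTEX = "DC_MUTEX-F54S21D"

# Signature name, regex over the full registry value path, required data (None = any write).
REGISTRY_WRITES = [
    ("disables_regedit", re.compile(r"\\Policies\\System\\DisableRegistryTools$", re.I), "1"),
    ("disables_taskmgr", re.compile(r"\\Policies\\System\\DisableTaskMgr$", re.I), "1"),
    ("modifies_firewall_policy",
     re.compile(r"\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\", re.I), None),
]
REGISTRY_READS = [
    ("checks_bios", re.compile(r"\\HARDWARE\\DESCRIPTION\\System\\BIOS\\", re.I)),
    ("checks_geo", re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)),
]
STRONG = {"darkcomet_mutex", "c2_dns", "c2_connect"}   # family-specific indicators


def evaluate(events: List[dict]) -> Dict[str, List[int]]:
    """Return {signature: [event indices]} for every event that matches a rule."""
    hits: Dict[str, List[int]] = {}
    resolved: Dict[str, str] = {}   # answer IP -> queried name, ties connections to the C2 host

    def hit(name: str, idx: int) -> None:
        hits.setdefault(name, []).append(idx)

    for idx, ev in enumerate(events):
        kind = ev.get("kind")
        if kind == "reg_write":
            for name, rx, want in REGISTRY_WRITES:
                if rx.search(ev["path"]) and (want is None or str(ev.get("data")) == want):
                    hit(name, idx)
        elif kind == "reg_read":
            for name, rx in REGISTRY_READS:
                if rx.search(ev["path"]):
                    hit(name, idx)
        elif kind == "dns":
            qname = ev["query"].rstrip(".").lower()   # normalise trailing dot and case
            if ev.get("answer"):
                resolved[ev["answer"]] = qname
            if qname == C2_HOST:
                hit("c2_dns", idx)
        elif kind == "connect":
            # The C2 is a dynamic-DNS name, so match on the name the IP was resolved from, not the IP.
            if resolved.get(ev["dst"]) == C2_HOST and ev.get("port") == C2_PORT:
                hit("c2_connect", idx)
        elif kind == "mutex" and ev.get("name") == MUTEX:
            hit("darkcomet_mutex", idx)
    return hits


def verdict(hits: Dict[str, List[int]]) -> str:
    """Family IOCs are decisive on their own; generic tamper/anti-analysis only in combination."""
    if STRONG & hits.keys():
        return "darkcomet"
    return "suspicious" if len(hits) >= 2 else "clean"


# CONSTRUCTED telemetry in the order the report's behaviours would appear.
SAMPLE_EVENTS = [
    {"kind": "reg_write", "path": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools", "data": "1"},
    {"kind": "reg_write", "path": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr", "data": "1"},
    {"kind": "reg_write",
     "path": r"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Windows\System32\dropped.exe",
     "data": r"C:\Windows\System32\dropped.exe:*:Enabled:dropped"},
    {"kind": "reg_read", "path": r"HKLM\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer"},
    {"kind": "reg_read", "path": r"HKCU\Control Panel\International\Geo\Nation"},
    {"kind": "dns", "query": "FangSnake3.zapto.org.", "answer": "198.51.100.7"},
    {"kind": "connect", "dst": "198.51.100.7", "port": 2000},
    {"kind": "mutex", "name": "DC_MUTEX-F54S21D"},
    {"kind": "dns", "query": "update.example.com", "answer": "203.0.113.9"},   # benign noise
    {"kind": "connect", "dst": "203.0.113.9", "port": 443},
]

if __name__ == "__main__":
    found = evaluate(SAMPLE_EVENTS)
    for name, idxs in found.items():
        print(f"{name:26} events {idxs}")
    print("verdict:", verdict(found))
```

The BIOS and geolocation reads are common in legitimate installers, which is why they only raise the verdict in combination; the mutex name and the C2 hostname are the indicators worth alerting on by themselves.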