General
-
Target
JaffaCakes118_1af3961d3eceac14e67e090ab84967ed
-
Size
2.0MB
-
Sample
250222-t9rs6awjx8
-
MD5
1af3961d3eceac14e67e090ab84967ed
-
SHA1
946181a01d9dd0a0337ab14d6f57f90dc5d29363
-
SHA256
13a8c8a3eb4bd0e2af4a08188ed98217dcbcfcfef8d862a2a2c4bcc0ca95d7c6
-
SHA512
4056e8b5267e87dff075a240da863488a63356db0fdfa175526858f65bd689b263cd35a11e1811f951656dc9302cde2b3b3aa1a6f5920e48ba342adc4bf9edea
-
SSDEEP
24576:PxGLXsolxr0wdKQ/zIehPIflgcQCVBvMkOfLHIfuD2ynNWF3TklqK:GDHKQ/1MQZzICowl5
Static task
static1
Behavioral task
behavioral1
Sample
JaffaCakes118_1af3961d3eceac14e67e090ab84967ed.exe
Resource
win7-20250207-en
Behavioral task
behavioral2
Sample
JaffaCakes118_1af3961d3eceac14e67e090ab84967ed.exe
Resource
win10v2004-20250217-en
Malware Config
Extracted
darkcomet
Guest16
hackers-2007.zapto.org:1604
DC_MUTEX-LC2UPNF
-
InstallPath
Windupdt\winupdate.exe
-
gencode
cJAW7ndnjaMS
-
install
true
-
offline_keylogger
true
-
persistence
true
-
reg_key
winupdater
Targets
-
-
Target
JaffaCakes118_1af3961d3eceac14e67e090ab84967ed
-
Size
2.0MB
-
MD5
1af3961d3eceac14e67e090ab84967ed
-
SHA1
946181a01d9dd0a0337ab14d6f57f90dc5d29363
-
SHA256
13a8c8a3eb4bd0e2af4a08188ed98217dcbcfcfef8d862a2a2c4bcc0ca95d7c6
-
SHA512
4056e8b5267e87dff075a240da863488a63356db0fdfa175526858f65bd689b263cd35a11e1811f951656dc9302cde2b3b3aa1a6f5920e48ba342adc4bf9edea
-
SSDEEP
24576:PxGLXsolxr0wdKQ/zIehPIflgcQCVBvMkOfLHIfuD2ynNWF3TklqK:GDHKQ/1MQZzICowl5
-
Darkcomet family
-
Modifies WinLogon for persistence
-
Modifies firewall policy service
-
Modifies security service
-
Windows security bypass
-
Disables RegEdit via registry modification
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Executes dropped EXE
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Adds Run key to start application
-
Drops file in System32 directory
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Create or Modify System Process
2Windows Service
2Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Create or Modify System Process
2Windows Service
2Defense Evasion
Impair Defenses
2Disable or Modify System Firewall
1Disable or Modify Tools
1Modify Registry
5Virtualization/Sandbox Evasion
1