General

Target: JaffaCakes118_1e436c0c825c20cd124da22141eabed4
Size: 1.2MB
Sample: 250223-d77htsxqw7
MD5: 1e436c0c825c20cd124da22141eabed4
SHA1: 4fcffcf7f1283364d9b890733bae5341f3328c29
SHA256: 1557ad8e05d89095afbe21e342c21050c3fe54bd100bd3f00a64f3b1c6f63313
SHA512: bd0c4c8e065ea03c8ce3a0bbb14851eec74dd9666d774c9f369353080a242ab84f4feeb906950c406d53bee81de24a631958706a0e1db832747ca5bdb4e93c98
SSDEEP: 24576:imYLKyovOTPoWMP3EqX3YiP9xsM3qgQCbWyOPK/cRgOnmq9g6iB36rKX63:imzf7EuYVM3qdyrcOU7m6KlA
Tasks

Static task: static1

Behavioral task: behavioral1
Sample: JaffaCakes118_1e436c0c825c20cd124da22141eabed4.exe
Resource: win7-20241010-en

Behavioral task: behavioral2
Sample: JaffaCakes118_1e436c0c825c20cd124da22141eabed4.exe
Resource: win10v2004-20250217-en
Malware Config

Extracted family: darkcomet
Campaign ID: Guest16
C2: mdk45.zapto.org:1604
Mutex: DC_MUTEX-MSP51MA

InstallPath: MSDCSC\msdcsc.exe
gencode: Ntgsqahc793H
install: true
offline_keylogger: true
persistence: false
reg_key: MicroUpdate
Targets
Target: JaffaCakes118_1e436c0c825c20cd124da22141eabed4 (the same 1.2MB file described under General; size and MD5/SHA1/SHA256/SHA512/SSDEEP values are identical)
Signatures

- Darkcomet family
- Modifies WinLogon for persistence
- Executes dropped EXE
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger
MITRE ATT&CK Enterprise v15

Persistence
  Boot or Logon Autostart Execution (2)
    Registry Run Keys / Startup Folder (1)
    Winlogon Helper DLL (1)

Privilege Escalation
  Boot or Logon Autostart Execution (2)
    Registry Run Keys / Startup Folder (1)
    Winlogon Helper DLL (1)