General
- Target: JaffaCakes118_21b1ae9a5d823996ba865280b25de379
- Size: 1.2MB
- Sample: 250225-abe7xswmw2
- MD5: 21b1ae9a5d823996ba865280b25de379
- SHA1: 6a989c860cfca43b389647e2afe16cf8487b0e15
- SHA256: 345a6f15de47f70f150adc2e076feded9c8cf6ac69d479e756d8d484ac212a15
- SHA512: 79533ce677b8d637e004b2c0bd1c1241a6c6e3e9a5973b0fd030c7bdd95232b3259943a44f83e2a2e230def4d73b8fb8c177149aff3809c9c7f2d9569f774559
- SSDEEP: 24576:LKrjnxH3/n3N7cpCiBXxjMrO7vVXfMCxwRyWRlJChduj8yNfG:L0jxH3P3N7cNBXxjqO7RtiRyoS08yNfG
Static task
- static1

Behavioral task
- behavioral1
- Sample: JaffaCakes118_21b1ae9a5d823996ba865280b25de379.exe
- Resource: win7-20240729-en

Behavioral task
- behavioral2
- Sample: JaffaCakes118_21b1ae9a5d823996ba865280b25de379.exe
- Resource: win10v2004-20250217-en
Malware Config

Extracted: darkcomet
- gencode: (empty)
- install: false
- offline_keylogger: false
- persistence: false

Extracted: darkcomet
- Guest16
- kooat.no-ip.biz:10000
- DC_MUTEX-798GFF5
- gencode: 6BY9j91vo2kr
- install: false
- offline_keylogger: true
- persistence: false
Targets
- Target: JaffaCakes118_21b1ae9a5d823996ba865280b25de379
- Darkcomet family
- Modifies firewall policy service
- Uses the VBS compiler for execution
- Adds Run key to start application
- Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15

Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)

Privilege Escalation
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)