General
-
Target
JaffaCakes118_432ae0531198837a134fa889a1c3bcb8
-
Size
788KB
-
Sample
250302-2zbm7aylt8
-
MD5
432ae0531198837a134fa889a1c3bcb8
-
SHA1
7b81aeaffb9bd9a215cf3ba3bfca97fa2bafa5f1
-
SHA256
f1951549c83f98983302f70f41e96fcd273eba5d8db8607645c6b2eb48c2d85a
-
SHA512
8fca174ed630c1a4b2150e07c7cab702914fe936b5842c643e4c252a7aa6d113b5e22ea5b2514a80650c32b36e119c95e860fcdc076e833da393318869025bf8
-
SSDEEP
12288:dYKzom4yNIr/WPpzQ1N/4odZdTVFltkl5ZduCPvLVzDkztklpLmx+corp:+4oO6/apzgN/4o1xFXkllziSpVcOp
Static task
static1
Behavioral task
behavioral1
Sample
JaffaCakes118_432ae0531198837a134fa889a1c3bcb8.exe
Resource
win7-20240903-en
Malware Config
Extracted
darkcomet
Guest16
nydarion2.zapto.org:2525
DC_MUTEX-HRS8C6U
-
InstallPath
Windupdt\winupdate.exe
-
gencode
1o-r##XwizVR
-
install
true
-
offline_keylogger
false
-
password
boni
-
persistence
true
-
reg_key
winupdater
Targets
-
-
Target
JaffaCakes118_432ae0531198837a134fa889a1c3bcb8
-
Size
788KB
-
MD5
432ae0531198837a134fa889a1c3bcb8
-
SHA1
7b81aeaffb9bd9a215cf3ba3bfca97fa2bafa5f1
-
SHA256
f1951549c83f98983302f70f41e96fcd273eba5d8db8607645c6b2eb48c2d85a
-
SHA512
8fca174ed630c1a4b2150e07c7cab702914fe936b5842c643e4c252a7aa6d113b5e22ea5b2514a80650c32b36e119c95e860fcdc076e833da393318869025bf8
-
SSDEEP
12288:dYKzom4yNIr/WPpzQ1N/4odZdTVFltkl5ZduCPvLVzDkztklpLmx+corp:+4oO6/apzgN/4o1xFXkllziSpVcOp
-
Darkcomet family
-
Modifies WinLogon for persistence
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Adds Run key to start application
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1