General
- Target: JaffaCakes118_3d840bd3645c2e771925f69f01f57d79
- Size: 662KB
- Sample: 250302-dsdbfasxhx
- MD5: 3d840bd3645c2e771925f69f01f57d79
- SHA1: 6968de7239ecfe40e3abd82cc511a56d522ebcb0
- SHA256: 3a40dfa06d6cbf1460d577c9702f6a9fcfce8015efab1ae9291631a6aa114121
- SHA512: 79421ad6f143d46e49a5f2fb123dcadac20277619f5d2454ebc2489758fa9fbc981189dcec35130d7114afd1cf12102d00a33689d690c9a5f7d4dca8aa48894a
- SSDEEP: 12288:J+oo9XzmJrxpAs4AXJcgj1pQOU65WK1539jlFUl7u7i+wAHo8sY/H9WwH:JK9XKJdeAXj1pQo5WK1oluWLAkYHH
Static task: static1
Behavioral task: behavioral1
- Sample: JaffaCakes118_3d840bd3645c2e771925f69f01f57d79.exe
- Resource: win7-20240903-en
Behavioral task: behavioral2
- Sample: JaffaCakes118_3d840bd3645c2e771925f69f01f57d79.exe
- Resource: win10v2004-20250217-en
Malware Config
Extracted
darkcomet
Guest16
127.0.0.1:1604
DC_MUTEX-6WNCX4P
- InstallPath: MSDCSC\msdcsc.exe
- gencode: EX6ZMo5JYe6J
- install: true
- offline_keylogger: true
- persistence: false
- reg_key: MicroUpdate
Targets
- Target: JaffaCakes118_3d840bd3645c2e771925f69f01f57d79
- Size: 662KB
- MD5: 3d840bd3645c2e771925f69f01f57d79
- SHA1: 6968de7239ecfe40e3abd82cc511a56d522ebcb0
- SHA256: 3a40dfa06d6cbf1460d577c9702f6a9fcfce8015efab1ae9291631a6aa114121
- SHA512: 79421ad6f143d46e49a5f2fb123dcadac20277619f5d2454ebc2489758fa9fbc981189dcec35130d7114afd1cf12102d00a33689d690c9a5f7d4dca8aa48894a
- SSDEEP: 12288:J+oo9XzmJrxpAs4AXJcgj1pQOU65WK1539jlFUl7u7i+wAHo8sY/H9WwH:JK9XKJdeAXj1pQo5WK1oluWLAkYHH
- Darkcomet family
- Modifies WinLogon for persistence
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)
Privilege Escalation
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)