General
- Target: JaffaCakes118_41e98aa69a198f332c21b9305b52f894
- Size: 1.4MB
- Sample: 250302-w945la1vbt
- MD5: 41e98aa69a198f332c21b9305b52f894
- SHA1: 2e70f0aca3443a9d0189b7fddca1c55884a571fc
- SHA256: 250b15a0977311d8328f545632f55bea0e84d40b6175440130de608f94beca7d
- SHA512: ac3a0a2a7795ddc8837c86b241ba44721a41a051a60bd8d9ccf0cf6e5c86777070a228555aafb3212c68e16e3d0634085770d76ac439f06782fb65cba08a13ad
- SSDEEP: 24576:V3W5xgcy6liY3KLjQ3CdfQU0vJ+O/bDrgyS+glhOfQO5PTnK/cRgOnmq9g6BzAeQ:E5xgX6YMWM5JvUuEfVM5YcOU7m6u
Static task
- static1
Behavioral task
- behavioral1
  - Sample: JaffaCakes118_41e98aa69a198f332c21b9305b52f894.exe
  - Resource: win7-20240903-en
Behavioral task
- behavioral2
  - Sample: JaffaCakes118_41e98aa69a198f332c21b9305b52f894.exe
  - Resource: win10v2004-20250217-en
Malware Config
Extracted
- Family: darkcomet
- gencode: (empty)
- install: false
- offline_keylogger: false
- persistence: false
Extracted
- Family: darkcomet
- Guest16
- C2: khadi1.no-ip.biz:987
- Mutex: DC_MUTEX-MEAL357
- gencode: miWYMpE80PCG
- install: false
- offline_keylogger: true
- password: khadi123
- persistence: false
Targets
- Target: JaffaCakes118_41e98aa69a198f332c21b9305b52f894
- Darkcomet family
- Modifies security service
- Windows security bypass
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Windows security modification
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
- Defense Evasion
  - Impair Defenses (2)
    - Disable or Modify Tools (2)
  - Modify Registry (3)
  - Virtualization/Sandbox Evasion (1)