General
- Target: JaffaCakes118_44773ef2374ab0a0cc5a44e4e654f58a
- Size: 660KB
- Sample: 250303-d7z4rav1es
- MD5: 44773ef2374ab0a0cc5a44e4e654f58a
- SHA1: 9ebb6678726302aea5c1bd08e645682db36e1581
- SHA256: a5e9e450f1935d4ddedb730bf319f8d982f3c273913746bb1f84b63abe861e1c
- SHA512: 4a6fdb12a665388caf21969f5fe81f63e448a05653b988c894e627b210ad708ef7f2486dd526bc3e4b6a8013b962515f6afc82be3a9d863e61b5f4f4dc6db884
- SSDEEP: 12288:EXhpvNWw276S/DuoeFcfbmiJ99VPhYR5MTSHvLenELrWv1lZw4JuMkMh/fy452UU:SnAw2WWeFcfbP9VPSPMTSPL/rWvzq4Jk
Behavioral task
- behavioral1
  - Sample: JaffaCakes118_44773ef2374ab0a0cc5a44e4e654f58a.exe
  - Resource: win7-20240903-en
Malware Config
Extracted
- Family: darkcomet
- Campaign ID: Guest16
- C2: 127.0.0.1:4444
- C2: black12345.zapto.org:4444
- Mutex: DC_MUTEX-F54S21D
- InstallPath: MSDCSC\msdcsc.exe
- gencode: Y4pNceiPUfLV
- install: true
- offline_keylogger: true
- persistence: false
- reg_key: MicroUpdate

Reading the config: 127.0.0.1:4444 is a loopback entry that a victim host can never reach and is typical of a leftover builder default; the reachable C2 is the dynamic DNS name black12345.zapto.org on TCP/4444, which is the indicator worth blocking and hunting for. Guest16, the MSDCSC\msdcsc.exe install path and the MicroUpdate Run-key value name are all stock DarkComet builder defaults, so they identify the family rather than a particular operator, but they are stable enough to hunt on. The persistence flag is the builder's separate persistence option; persistence: false does not mean the sample does not survive reboot: install: true together with reg_key MicroUpdate is what produces the Run-key and Winlogon modifications flagged in the signatures below. offline_keylogger: true means keystrokes are logged to disk even without a live C2 connection, so the dropped directory should be collected during response.
Targets
- JaffaCakes118_44773ef2374ab0a0cc5a44e4e654f58a (660KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
- Darkcomet family
- Modifies WinLogon for persistence (Winlogon Userinit/Shell values; with the Run key below this gives two independent autostart paths, so cleaning only the Run key is not enough)
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext (typical of process hollowing or thread hijacking: the payload runs inside another process, so memory acquisition should target the injected process, not only the dropped msdcsc.exe)
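The following is an added example, not code from the sandbox report or from the DarkComet family itself. It turns the extracted configuration and the Run-key and Winlogon signatures into concrete triage checks: it derives the usable network indicator (dropping the loopback placeholder) and runs simple detection logic over constructed, Sysmon-style registry and DNS events. The event record shapes (`RegistryEvent`, `DnsEvent`), the rule names and the sample telemetry are assumptions made for the example; the config values are the ones on this page.

```python
"""Triage checks derived from the DarkComet config extracted above (added example)."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Values copied from the extracted config on this page.
DARKCOMET_CONFIG = {
    "family": "darkcomet",
    "campaign_id": "Guest16",
    "c2": ["127.0.0.1:4444", "black12345.zapto.org:4444"],
    "mutex": "DC_MUTEX-F54S21D",
    "install_path": r"MSDCSC\msdcsc.exe",
    "reg_key": "MicroUpdate",
}

# Benign defaults for the two Winlogon values DarkComet is known to tamper with.
WINLOGON_DEFAULTS = {"userinit": {"userinit.exe"}, "shell": {"explorer.exe"}}

RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(?:Once)?\\(?P<name>[^\\]+)$", re.I)
WINLOGON_RE = re.compile(r"\\CurrentVersion\\Winlogon\\(?P<name>Userinit|Shell)$", re.I)


@dataclass(frozen=True)
class RegistryEvent:          # assumed shape: Sysmon EID 13-like value-set event
    target: str               # full registry path including the value name
    details: str              # data written to the value


@dataclass(frozen=True)
class DnsEvent:               # assumed shape: Sysmon EID 22-like DNS query
    query: str


@dataclass(frozen=True)
class Finding:
    rule: str
    evidence: str


def network_indicators(config: dict = DARKCOMET_CONFIG) -> list[tuple[str, int]]:
    """Return (host, port) C2 pairs, dropping loopback builder placeholders."""
    out = []
    for entry in config["c2"]:
        host, _, port = entry.rpartition(":")
        if host == "127.0.0.1":
            continue          # unreachable from a victim; not an indicator
        out.append((host, int(port)))
    return out


def _basename(path: str) -> str:
    """Lower-cased file name of a Windows path, quotes stripped."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].strip().strip('"').lower()


def check_registry(events, config: dict = DARKCOMET_CONFIG) -> list[Finding]:
    """Flag Run-key and Winlogon writes consistent with the extracted config."""
    findings = []
    dropper = _basename(config["install_path"])           # "msdcsc.exe"
    for ev in events:
        run = RUN_KEY_RE.search(ev.target)
        if run and (run.group("name") == config["reg_key"]
                    or _basename(ev.details.split(" ")[0]) == dropper):
            findings.append(Finding("run_key_autostart", f"{ev.target} = {ev.details}"))
            continue
        wl = WINLOGON_RE.search(ev.target)
        if wl:
            allowed = WINLOGON_DEFAULTS[wl.group("name").lower()]
            entries = [_basename(p) for p in ev.details.split(",") if p.strip()]
            if any(e not in allowed for e in entries):   # anything beyond the stock value
                findings.append(Finding("winlogon_helper", f"{ev.target} = {ev.details}"))
    return findings


def check_dns(events, config: dict = DARKCOMET_CONFIG) -> list[Finding]:
    """Flag lookups of the reachable C2 host(s)."""
    hosts = {h.lower() for h, _ in network_indicators(config)}
    return [Finding("c2_dns_lookup", ev.query)
            for ev in events if ev.query.lower().rstrip(".") in hosts]


# Constructed sample telemetry (not from the report): a benign Run entry, the
# DarkComet Run entry, a tampered Userinit value and the stock Shell value.
SAMPLE_REGISTRY = [
    RegistryEvent(r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive",
                  r"C:\Users\u\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"),
    RegistryEvent(r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\MicroUpdate",
                  r"C:\Users\u\Documents\MSDCSC\msdcsc.exe"),
    RegistryEvent(r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit",
                  r"C:\Windows\system32\userinit.exe,C:\Users\u\Documents\MSDCSC\msdcsc.exe"),
    RegistryEvent(r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell",
                  "explorer.exe"),
]
SAMPLE_DNS = [DnsEvent("www.example.com"), DnsEvent("black12345.zapto.org")]

if __name__ == "__main__":
    for f in check_registry(SAMPLE_REGISTRY) + check_dns(SAMPLE_DNS):
        print(f"[{f.rule}] {f.evidence}")
```

The Run-key rule matches on either the value name from the config or the dropped file name, so it still fires if an operator changed one of the two defaults; the Winlogon rule is deliberately config-independent and flags any entry beyond the stock userinit.exe / explorer.exe, which is the check you want regardless of family. The mutex is left in the config for completeness; it is hunted via handle enumeration on a live host rather than from event logs.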
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (T1547), 2 matching signatures
  - Registry Run Keys / Startup Folder (T1547.001), 1
  - Winlogon Helper DLL (T1547.004), 1
Privilege Escalation
- Boot or Logon Autostart Execution (T1547), 2 matching signatures
  - Registry Run Keys / Startup Folder (T1547.001), 1
  - Winlogon Helper DLL (T1547.004), 1