General
-
Target
JaffaCakes118_4dac262f5b8c8fe03c2339afec76b0cc
-
Size
302KB
-
Sample
250304-qyfd7ssk13
-
MD5
4dac262f5b8c8fe03c2339afec76b0cc
-
SHA1
6b04f29af4cc1fa10975935b9b000e2b552f6e8e
-
SHA256
360ae8775f8e3ac7a975676fc33585190c90ead599563b35b780cca560c6a665
-
SHA512
ed257ab75b542d0f03f9118d170b1eb50e3c6a82e6287b33d58c0241d787bafdb5d59cd59b41f04a47f777d0f052e0e8b945916df8959e38128f968d48aa2c40
-
SSDEEP
6144:Vz+ZIja7JiVzDfdUITRilQ37imhVltGNPl4/fRq4vTBxvVjk5CKOh:Vz+4KMVzDfrTRYQ3+WltCiHE4vTB3cwh
Behavioral task
behavioral1
Sample
JaffaCakes118_4dac262f5b8c8fe03c2339afec76b0cc.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
JaffaCakes118_4dac262f5b8c8fe03c2339afec76b0cc.exe
Resource
win10v2004-20250217-en
Malware Config
Extracted
darkcomet
Guest16
rocker340.no-ip.org:1337
DC_MUTEX-TACZ1FF
-
InstallPath
Windupdt\winupdate.exe
-
gencode
�SfhT/hs8bG+
-
install
true
-
offline_keylogger
true
-
persistence
true
-
reg_key
winupdater
Targets
-
-
Target
JaffaCakes118_4dac262f5b8c8fe03c2339afec76b0cc
-
Size
302KB
-
MD5
4dac262f5b8c8fe03c2339afec76b0cc
-
SHA1
6b04f29af4cc1fa10975935b9b000e2b552f6e8e
-
SHA256
360ae8775f8e3ac7a975676fc33585190c90ead599563b35b780cca560c6a665
-
SHA512
ed257ab75b542d0f03f9118d170b1eb50e3c6a82e6287b33d58c0241d787bafdb5d59cd59b41f04a47f777d0f052e0e8b945916df8959e38128f968d48aa2c40
-
SSDEEP
6144:Vz+ZIja7JiVzDfdUITRilQ37imhVltGNPl4/fRq4vTBxvVjk5CKOh:Vz+4KMVzDfrTRYQ3+WltCiHE4vTB3cwh
-
Darkcomet family
-
Modifies WinLogon for persistence
-
Modifies firewall policy service
-
Windows security bypass
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Windows security modification
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Create or Modify System Process
1Windows Service
1Defense Evasion
Impair Defenses
3Disable or Modify System Firewall
1Disable or Modify Tools
2Modify Registry
5