General
- Target: JaffaCakes118_4f9db8acfee94992c91288a6a729b1a0
- Size: 251KB
- Sample: 250304-zz3qka1pv2
- MD5: 4f9db8acfee94992c91288a6a729b1a0
- SHA1: defe88b3d2335bbd6ac16caa72b596ef118ddc9e
- SHA256: 00d0927a202e17cd9493f2848ef9b807f29aed3bd4ad18ccaa776224a71f3139
- SHA512: f992ea6558f28ae2b4065c5d8bd0e4efa977c8cdbd50ce998d133a570830a3025c7d572ce3f8467371c13f91af66c23a19a5cd11df91705fc9476178e5ed5f06
- SSDEEP: 6144:1cNYS996KFifeVjBpeExgVTFSXFoMc5RhCaL37:1cW7KEZlPzCy37
Behavioral task: behavioral1
- Sample: JaffaCakes118_4f9db8acfee94992c91288a6a729b1a0.exe
- Resource: win7-20241010-en

Behavioral task: behavioral2
- Sample: JaffaCakes118_4f9db8acfee94992c91288a6a729b1a0.exe
- Resource: win10v2004-20250217-en
Malware Config
Extracted: darkcomet
- Guest16
- aa1.no-ip.info:3175
- DC_MUTEX-HUT43HU
- InstallPath: MSDCSC\msdcsc.exe
- gencode: bStBj9WpETtE
- install: true
- offline_keylogger: true
- persistence: true
- reg_key: MicroUpdate
Targets
- Target: JaffaCakes118_4f9db8acfee94992c91288a6a729b1a0
- Size: 251KB
- MD5: 4f9db8acfee94992c91288a6a729b1a0
- SHA1: defe88b3d2335bbd6ac16caa72b596ef118ddc9e
- SHA256: 00d0927a202e17cd9493f2848ef9b807f29aed3bd4ad18ccaa776224a71f3139
- SHA512: f992ea6558f28ae2b4065c5d8bd0e4efa977c8cdbd50ce998d133a570830a3025c7d572ce3f8467371c13f91af66c23a19a5cd11df91705fc9476178e5ed5f06
- SSDEEP: 6144:1cNYS996KFifeVjBpeExgVTFSXFoMc5RhCaL37:1cW7KEZlPzCy37
- Darkcomet family
- Modifies WinLogon for persistence
- Modifies firewall policy service
- Modifies security service
- Windows security bypass
- Disables Task Manager via registry modification
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)
- Create or Modify System Process (2)
  - Windows Service (2)
Privilege Escalation
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)
- Create or Modify System Process (2)
  - Windows Service (2)
Defense Evasion
- Hide Artifacts (2)
  - Hidden Files and Directories (2)
- Impair Defenses (3)
  - Disable or Modify System Firewall (1)
  - Disable or Modify Tools (2)
- Modify Registry (6)