General
Target: JaffaCakes118_50e91c866780376d85903b3f77f2cbf4
Size: 247KB
Sample: 250305-g93jfa1py4
MD5: 50e91c866780376d85903b3f77f2cbf4
SHA1: 2f08bada5a8eacc0964be359ac86231264a9b062
SHA256: 3309a7f3bdb1a45e96b408aff635b98f080721a5719ef9832bd395d6d60eed42
SHA512: 8a535514a765d23bafc4c4d633f66d2cc5835ec388a9fa7598ec48d72cba7c6624ffdfe9e841bbafed4523d375cdf8b7a837377334d5af0693ca14185104aaa3
SSDEEP: 6144:Eh365FFhnGsmuIFtNh36fMbPC/LO7sETVuX2ljWX/aBXW:u36DnGsmuIFz4fMbeysCWZIG
Behavioral tasks
behavioral1: Sample MW1 ESP-Boxes Hack V.3.1.exe, Resource win7-20240729-en
behavioral2: Sample MW1 ESP-Boxes Hack V.3.1.exe, Resource win10v2004-20250217-en
Malware Config
Extracted family: darkcomet
ID: Guest16 (DarkComet's default campaign ID, so it does not identify a specific operator)
C2: 0177cool.no-ip.org:1604 (1604 is DarkComet's default listener port)
Mutex: DC_MUTEX-MSEVEB3
InstallPath: MSDCSC\msdcsc.exe
gencode: PcRKqw9CAqUD
install: true
offline_keylogger: true
persistence: true
reg_key: MicroUpdate
The C2 is a no-ip.org dynamic DNS name, so any IP it resolved to at analysis time is not a stable indicator; hunt on the hostname itself, the DC_MUTEX- mutex prefix, the MSDCSC\msdcsc.exe install path and the MicroUpdate Run value.
Targets
Target: MW1 ESP-Boxes Hack V.3.1.exe
Size: 253KB
MD5: 2c1c85a951474923ca5cac7db2f52bd8
SHA1: 573946f3cde8f3aa88bdc7fc273aa2867f6f0f8f
SHA256: 86ff233d6f709f9701c5b21966f1b8cc874dda4ec6898deb28d5776130e34602
SHA512: 8a16d9f7eb0796d3c6ba0e69afc564292b97bf0fedc681c8761b169eeef30616009994d6824b0aca08f654f4d64d967f44e44d9274114ddfbc790f87d5be06cd
SSDEEP: 6144:aBJVqu5jxRl+t6Ge0qw0kw9+Ks9a8/7z6ln:atqwjxRl+t6GfL7zc
This is the executable run in both behavioral tasks. Its size and hashes differ from the submitted object described under General (247KB), so match against whichever hash set corresponds to the artifact you actually hold.

Signatures
- Darkcomet family
- Modifies Winlogon for persistence
- Disables RegEdit via registry modification
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
-
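The persistence signatures above are what a responder would confirm first on a suspect host. The following is an added example, not code from the sandbox, the report, or the sample: a Python triage check over a Windows .reg export that flags the three registry-based behaviours the report lists. It takes the reg_key name (MicroUpdate) and InstallPath (MSDCSC\msdcsc.exe) from the extracted config on this page. Two details are assumptions, because the report does not name the exact values: that "Modifies Winlogon for persistence" refers to the Winlogon Userinit or Shell value, and that "Disables RegEdit" is done through DisableRegistryTools under Policies\System. The Winlogon check is generalized beyond this sample (any non-stock entry is reported, not only msdcsc.exe). The .reg text at the bottom is a constructed sample, not an export from the sandbox run.

```python
import re
from dataclasses import dataclass

# Indicators taken from the extracted config on this page.
INSTALL_PATH = r"MSDCSC\msdcsc.exe"   # InstallPath
REG_KEY_NAME = "MicroUpdate"          # reg_key

# Registry keys compared case-insensitively (registry key names are not case-sensitive).
RUN_KEYS = {
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run".casefold(),
    r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run".casefold(),
}
# Assumption: the "Modifies Winlogon" signature refers to Userinit/Shell under this key.
WINLOGON_KEY = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon".casefold()
# Assumption: "Disables RegEdit" is the DisableRegistryTools policy value.
POLICY_KEYS = {
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System".casefold(),
    r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System".casefold(),
}
# Stock Winlogon entries (basename match only); anything else in these values is reported.
WINLOGON_STOCK = {"userinit": "userinit.exe", "shell": "explorer.exe"}

_VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|(@))=(.*)$')


@dataclass(frozen=True)
class Finding:
    key: str
    value_name: str
    data: str
    reason: str


def _unescape(s):
    """Undo .reg string escaping (\\" and \\\\)."""
    return s.replace('\\"', '"').replace("\\\\", "\\")


def parse_reg(text):
    """Yield (key, value_name, data) from .reg text. Quoted strings are unescaped,
    dword values are rendered as decimal strings, other value types are kept raw."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";") or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = _VALUE_RE.match(line)
        if not m or key is None:
            continue
        name = "(Default)" if m.group(2) else _unescape(m.group(1))
        data = m.group(3)
        if len(data) >= 2 and data[0] == '"' and data[-1] == '"':
            data = _unescape(data[1:-1])
        elif data.lower().startswith("dword:"):
            data = str(int(data[6:], 16))
        yield key, name, data


def scan(text):
    """Return a Finding for every registry value matching a DarkComet persistence indicator."""
    findings = []
    for key, name, data in parse_reg(text):
        k, n, d = key.casefold(), name.casefold(), data.casefold()
        if k in RUN_KEYS and (n == REG_KEY_NAME.casefold() or INSTALL_PATH.casefold() in d):
            findings.append(Finding(key, name, data,
                "Run key autostart (T1547.001) matching DarkComet reg_key/InstallPath"))
        elif k == WINLOGON_KEY and n in WINLOGON_STOCK:
            # Userinit/Shell are comma-separated lists; report every non-stock entry.
            entries = [e.strip() for e in data.split(",") if e.strip()]
            extra = [e for e in entries if not e.casefold().endswith(WINLOGON_STOCK[n])]
            if extra:
                findings.append(Finding(key, name, data,
                    "Winlogon helper hijack (T1547.004): extra entries " + "; ".join(extra)))
        elif k in POLICY_KEYS and n == "disableregistrytools" and data == "1":
            findings.append(Finding(key, name, data, "RegEdit disabled by policy"))
    return findings


# Constructed sample export for this example (not an export from the sandbox run).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MicroUpdate"="C:\\Users\\victim\\Documents\\MSDCSC\\msdcsc.exe"
"OneDrive"="C:\\Users\\victim\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe /background"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\Windows\\system32\\userinit.exe,C:\\Users\\victim\\Documents\\MSDCSC\\msdcsc.exe"
"Shell"="explorer.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000001
'''

if __name__ == "__main__":
    for f in scan(SAMPLE_REG):
        print(f"{f.reason}\n    {f.key}\\{f.value_name} = {f.data}")
```

On a live host, export the keys with `reg export "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" winlogon.reg` (and likewise for the Run and Policies\System keys), then pass the file contents to scan(); reg export writes UTF-16, so open the file with encoding="utf-16". The Winlogon check matches on basename only, so a stricter allowlist of full stock paths is a reasonable hardening if you deploy this beyond triage.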
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (T1547): 2
  - Registry Run Keys / Startup Folder (T1547.001): 1
  - Winlogon Helper DLL (T1547.004): 1
Privilege Escalation
- Boot or Logon Autostart Execution (T1547): 2
  - Registry Run Keys / Startup Folder (T1547.001): 1
  - Winlogon Helper DLL (T1547.004): 1
The counts are the number of report signatures mapped to each technique: "Adds Run key to start application" maps to T1547.001 and "Modifies Winlogon for persistence" to T1547.004. The same technique appears under both tactics because ATT&CK lists T1547 under Persistence and Privilege Escalation alike.