General
- Target: JaffaCakes118_51d044e3e350c13f6d5fe0cf0d81689c
- Size: 327KB
- Sample: 250305-m9k72sw1bz
- MD5: 51d044e3e350c13f6d5fe0cf0d81689c
- SHA1: cbee994c15d826572b00aef196dfc14c3a01633e
- SHA256: dd22ebdc9f9b86c994604fe3d84abd0e7b1889191c91521ce71d3ab73c3fb01b
- SHA512: 0d29983cb2a7f1163e513bfdca8a73689895a6e2892542de7dbbdc528f91e3298804b7adca7e15bda61b5fa20dc143b0bd537586bec8aba568244401ad97cc86
- SSDEEP: 6144:9tkXQh+fOZTb4rVfYn33rVRRF5GPXpkHg0Sme9k4GgzsdHXTvLRUQSOObAIAWgcK:TV0BZT/hWXgPgmVjGMBpN
Static task
- static1
Behavioral task
- behavioral1
  - Sample: JaffaCakes118_51d044e3e350c13f6d5fe0cf0d81689c.exe
  - Resource: win7-20240903-en
Behavioral task
- behavioral2
  - Sample: JaffaCakes118_51d044e3e350c13f6d5fe0cf0d81689c.exe
  - Resource: win10v2004-20250217-en
Malware Config
Extracted
- Family: darkcomet
- Botnet: Guest16
- C2: graziaasus.no-ip.org:4011
- Mutex: DC_MUTEX-9HBWRD0
- InstallPath: Windupdt\winupdate.exe
- gencode: UXADNe�f7C.q
- install: true
- offline_keylogger: true
- persistence: true
- reg_key: winupdater
Targets
- Darkcomet family
- Modifies WinLogon for persistence
- Modifies security service
- Windows security bypass
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)
- Create or Modify System Process (1)
  - Windows Service (1)
Privilege Escalation
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)
- Create or Modify System Process (1)
  - Windows Service (1)
Defense Evasion
- Hide Artifacts (2)
  - Hidden Files and Directories (2)
- Impair Defenses (2)
  - Disable or Modify Tools (2)
- Modify Registry (6)