General
Target: JaffaCakes118_55878493b2278b1fb1d6491cf467b63f
Size: 879KB
Sample: 250306-jnqnvssyav
MD5: 55878493b2278b1fb1d6491cf467b63f
SHA1: e567da5190b0d47b9e459d0fb1ff3cb05c4f0ea9
SHA256: 1e93e2fbeaf80699dc0cb0b4a515aab900c410f3df2a533dab4d5668e067f0d7
SHA512: 09c833aff4f4a19aeb195c31800fc21124f6a81e0853d053063b5c35162b85e0cbb316e517f5737dd9118dc62dcff6b2ee19a3bc58ea93d8dbc42341297adac0
SSDEEP: 12288:r9AFlAd0Z+89cxTGzO4AucTD8QP2lmFSrVs9LqnK4ekPmCA3vg:5AQ6Zx9cxTmOrucTIEFSpOGMIA3o
Behavioral task: behavioral1
Sample: JaffaCakes118_55878493b2278b1fb1d6491cf467b63f.exe
Resource: win7-20240903-en

Behavioral task: behavioral2
Sample: JaffaCakes118_55878493b2278b1fb1d6491cf467b63f.exe
Resource: win10v2004-20250217-en
Malware Config
Extracted
Family: darkcomet
Campaign ID: Guest16
C2: romeo.hopto.org:2011
Mutex: DC_MUTEX-F54S21D
InstallPath: Windupdt\winupdate.exe
gencode: mZAhdaK9mugP
install: true
offline_keylogger: true
persistence: true
reg_key: winupdater
Targets
- Darkcomet family
- Modifies WinLogon for persistence
- Modifies firewall policy service
- Modifies security service
- Windows security bypass
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Deletes itself
- Windows security modification
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution: 2
    Registry Run Keys / Startup Folder: 1
    Winlogon Helper DLL: 1
  Create or Modify System Process: 2
    Windows Service: 2
Privilege Escalation
  Boot or Logon Autostart Execution: 2
    Registry Run Keys / Startup Folder: 1
    Winlogon Helper DLL: 1
  Create or Modify System Process: 2
    Windows Service: 2
Defense Evasion
  Impair Defenses: 3
    Disable or Modify System Firewall: 1
    Disable or Modify Tools: 2
  Modify Registry: 7