General
Target: JaffaCakes118_0d2e6264031502a4a23f4e94e799c3af
Size: 2.0MB
Sample: 250604-eht2wazxet
MD5: 0d2e6264031502a4a23f4e94e799c3af
SHA1: 445bcf4de35b1e892534b3b3bf43eb298323ca92
SHA256: 403339e5ba26be619d50188edc37d763a9e76f30c2b053a2d3f6ae85a6fcae57
SHA512: 0e7b098bbe8c1901185da62c31c78e058cd4690e66659e83a9aa5e84c2132b379e3e48a1a35bacaf05ff5197d2a823b6b973bfd77f12759e2fb1bf1652208369
SSDEEP: 49152:ujv9eqOj5KFzXsV/MrM6TC6kEiXiL3CzO/gurq5rzWAZQfXRv:uxtOj5KFzcVE4IUXiLoZauQvRv
Static task: static1
Behavioral task: behavioral1
  Sample: JaffaCakes118_0d2e6264031502a4a23f4e94e799c3af.exe
  Resource: win10v2004-20250502-en
Behavioral task: behavioral2
  Sample: JaffaCakes118_0d2e6264031502a4a23f4e94e799c3af.exe
  Resource: win11-20250502-en
Malware Config
Extracted
Family: darkcomet
Botnet: PADILASAHIWA
C2: drkc.no-ip.biz:2605
Mutex: DC_MUTEX-XT4W5MP
InstallPath: MSDCSC\windowsupdater.exe
gencode: nR7TKDNYZglG
install: true
offline_keylogger: true
password: tingil123
persistence: true
reg_key: MicrosoftUpdate
Targets
Target: JaffaCakes118_0d2e6264031502a4a23f4e94e799c3af
Size: 2.0MB
MD5: 0d2e6264031502a4a23f4e94e799c3af
SHA1: 445bcf4de35b1e892534b3b3bf43eb298323ca92
SHA256: 403339e5ba26be619d50188edc37d763a9e76f30c2b053a2d3f6ae85a6fcae57
SHA512: 0e7b098bbe8c1901185da62c31c78e058cd4690e66659e83a9aa5e84c2132b379e3e48a1a35bacaf05ff5197d2a823b6b973bfd77f12759e2fb1bf1652208369
SSDEEP: 49152:ujv9eqOj5KFzXsV/MrM6TC6kEiXiL3CzO/gurq5rzWAZQfXRv:uxtOj5KFzcVE4IUXiLoZauQvRv
Signatures:
- Ardamax family
- Darkcomet family
- Modifies WinLogon for persistence
- Modifies firewall policy service
- Modifies security service
- Windows security bypass
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v16 (count of matching signatures in parentheses)
Persistence
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)
- Create or Modify System Process (2)
  - Windows Service (2)
Privilege Escalation
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (1)
- Create or Modify System Process (2)
  - Windows Service (2)
Defense Evasion
- Hide Artifacts (2)
  - Hidden Files and Directories (2)
- Impair Defenses (3)
  - Disable or Modify System Firewall (1)
  - Disable or Modify Tools (2)
- Modify Registry (7)