General
-
Target
14a6e1c84e45575e26b0e257027360a6_JaffaCakes118
-
Size
394KB
-
Sample
240627-ewffmssanf
-
MD5
14a6e1c84e45575e26b0e257027360a6
-
SHA1
dfb51b2676aa1f5df7e7c3fb08bde9f207af4eef
-
SHA256
ce751eb4d83745b8840ad0d5043aff47006370c7330dcc77d82cb2b415b4b168
-
SHA512
9aefba222e068600bc306b675d2f65358dc219a633838e3f58d11e02b635429aaa355646eec3f2dc291fb9d5f257d46de33d6ac14867a517c0de69e66e33712e
-
SSDEEP
12288:iChxW5tZCI1RxgkdudlRfspS+YpiHshN:PULxgkduKpCOshN
Static task
static1
Behavioral task
behavioral1
Sample
14a6e1c84e45575e26b0e257027360a6_JaffaCakes118.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
14a6e1c84e45575e26b0e257027360a6_JaffaCakes118.exe
Resource
win10v2004-20240611-en
Malware Config
Extracted
darkcomet
killerr
109.224.12.114:1604
DCMIN_MUTEX-YF39D0X
-
InstallPath
DCSCMIN\IMDCSC.exe
-
gencode
2DHEW0z9rRbl
-
install
true
-
offline_keylogger
true
-
persistence
false
-
reg_key
DarkComet RAT
Targets
-
Target
14a6e1c84e45575e26b0e257027360a6_JaffaCakes118
-
Score
10/10
-
Modifies WinLogon for persistence
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-