General
Target: 16c9358a072835318e5dea20de26eeb0_JaffaCakes118
Size: 649KB
Sample: 240627-vj857a1bqh
MD5: 16c9358a072835318e5dea20de26eeb0
SHA1: b325b5d81849ffca24996944d29a0c09c7a76f9d
SHA256: 9e0d50340f70d8982f94bfba72c1f031378207726da8519a80eb79835ecb8e51
SHA512: 97d29e6672f9a8499e7d822efefddf2f0e9a8fa5f59f09485e855af9b51a41be8231979e6c30ebc15fd66a6980a13e73ff3509be2b67eebc8efabed1dc300a3b
SSDEEP: 12288:lk0QNlxOnizg37k4LUSd0rv5WvYW5HMzLXj9pqQd7cqESAYi991fA/aVm:G0QpGih4bd0rv5+l5szLXj917cqPu91W
Behavioral task: behavioral1
Sample: 16c9358a072835318e5dea20de26eeb0_JaffaCakes118.exe
Resource: win7-20240611-en

Behavioral task: behavioral2
Sample: 16c9358a072835318e5dea20de26eeb0_JaffaCakes118.exe
Resource: win10v2004-20240611-en
Malware Config
Extracted
darkcomet
Guest16_min
para23.no-ip.biz:1604
DCMIN_MUTEX-SMTHKXF
InstallPath: DCSCMIN\IMDCSC.exe
gencode: tRvzdAm3Xolc
install: true
offline_keylogger: true
persistence: false
reg_key: DarkComet RAT
Targets
Target: 16c9358a072835318e5dea20de26eeb0_JaffaCakes118
Size: 649KB
MD5: 16c9358a072835318e5dea20de26eeb0
SHA1: b325b5d81849ffca24996944d29a0c09c7a76f9d
SHA256: 9e0d50340f70d8982f94bfba72c1f031378207726da8519a80eb79835ecb8e51
SHA512: 97d29e6672f9a8499e7d822efefddf2f0e9a8fa5f59f09485e855af9b51a41be8231979e6c30ebc15fd66a6980a13e73ff3509be2b67eebc8efabed1dc300a3b
SSDEEP: 12288:lk0QNlxOnizg37k4LUSd0rv5WvYW5HMzLXj9pqQd7cqESAYi991fA/aVm:G0QpGih4bd0rv5+l5szLXj917cqPu91W
Score: 10/10
- Modifies WinLogon for persistence
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application